mirror of
https://github.com/containous/traefik.git
synced 2026-01-25 00:33:01 +03:00
Compare commits
30 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
94eba471f1 | ||
|
954eaab5f7 | ||
|
|
82c756006b | ||
|
08b1336af0 | ||
|
|
3315a9fbec | ||
|
77af7e4dea | ||
|
27b27e9b1f | ||
|
34d8491ac2 | ||
|
97158ac770 | ||
|
105bf1cfd6 | ||
|
a6516d36eb | ||
|
5492079915 | ||
|
5d3706468d | ||
|
|
dc6d54532d | ||
|
93f7cb1082 | ||
|
|
df50421b53 | ||
|
12d792cdef | ||
|
|
f7280439e6 | ||
|
|
0e360966a0 | ||
|
|
6af404b9da | ||
|
|
50c254a522 | ||
|
a16c2326b3 | ||
|
b4abd8dc2c | ||
|
f71b941995 | ||
|
78e2dab155 | ||
|
|
704f69272c | ||
|
|
4854dee208 | ||
|
|
34b91218f4 | ||
|
|
8bdcd72042 | ||
|
|
2ad42cd0ec |
7
.github/workflows/build.yaml
vendored
7
.github/workflows/build.yaml
vendored
@@ -20,6 +20,7 @@ jobs:
|
||||
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 20
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -51,12 +52,12 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
env:
|
||||
ImageOS: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.goarm }}
|
||||
with:
|
||||
@@ -64,7 +65,7 @@ jobs:
|
||||
check-latest: true
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v7
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
|
||||
|
||||
5
.github/workflows/codeql.yml
vendored
5
.github/workflows/codeql.yml
vendored
@@ -12,6 +12,7 @@ jobs:
|
||||
analyze:
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 30
|
||||
permissions:
|
||||
actions: read
|
||||
contents: read
|
||||
@@ -28,10 +29,10 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: setup go
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
if: ${{ matrix.language == 'go' }}
|
||||
with:
|
||||
go-version-file: 'go.mod'
|
||||
|
||||
3
.github/workflows/documentation.yaml
vendored
3
.github/workflows/documentation.yaml
vendored
@@ -16,11 +16,12 @@ jobs:
|
||||
docs:
|
||||
name: Doc Process
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
if: github.repository == 'traefik/traefik'
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
||||
7
.github/workflows/experimental.yaml
vendored
7
.github/workflows/experimental.yaml
vendored
@@ -20,15 +20,16 @@ jobs:
|
||||
if: github.repository == 'traefik/traefik'
|
||||
name: Build experimental image on branch
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 20
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
env:
|
||||
ImageOS: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.goarm }}
|
||||
with:
|
||||
@@ -54,7 +55,7 @@ jobs:
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v7
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
|
||||
|
||||
15
.github/workflows/release.yaml
vendored
15
.github/workflows/release.yaml
vendored
@@ -21,6 +21,7 @@ jobs:
|
||||
build:
|
||||
if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 45
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -30,12 +31,12 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
env:
|
||||
# Ensure cache consistency on Linux, see https://github.com/actions/setup-go/pull/383
|
||||
ImageOS: ${{ matrix.os }}
|
||||
@@ -44,7 +45,7 @@ jobs:
|
||||
check-latest: true
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v7
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
|
||||
@@ -83,18 +84,19 @@ jobs:
|
||||
release:
|
||||
if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 45
|
||||
|
||||
needs:
|
||||
- build
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v7
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
|
||||
@@ -111,7 +113,7 @@ jobs:
|
||||
echo "${TRAEFIKER_RSA}" | base64 --decode > ~/.ssh/traefiker_rsa
|
||||
|
||||
- name: Download All Artifacts
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v7
|
||||
with:
|
||||
path: dist/
|
||||
pattern: "*-binaries"
|
||||
@@ -133,4 +135,3 @@ jobs:
|
||||
gh release create ${VERSION} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${VERSION} --notes ${VERSION} --latest=false
|
||||
|
||||
./script/deploy.sh
|
||||
|
||||
|
||||
3
.github/workflows/sync-docker-images.yaml
vendored
3
.github/workflows/sync-docker-images.yaml
vendored
@@ -8,13 +8,14 @@ on:
|
||||
jobs:
|
||||
sync:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
permissions:
|
||||
packages: write
|
||||
contents: read
|
||||
if: github.repository == 'traefik/traefik'
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- uses: actions/checkout@v6
|
||||
|
||||
- uses: imjasonh/setup-crane@v0.4
|
||||
|
||||
|
||||
7
.github/workflows/template-webui.yaml
vendored
7
.github/workflows/template-webui.yaml
vendored
@@ -7,10 +7,11 @@ jobs:
|
||||
|
||||
build-webui:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 20
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
@@ -18,7 +19,7 @@ jobs:
|
||||
run: corepack enable
|
||||
|
||||
- name: Setup node
|
||||
uses: actions/setup-node@v4
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
node-version-file: webui/.nvmrc
|
||||
cache: yarn
|
||||
@@ -41,7 +42,7 @@ jobs:
|
||||
tar czvf webui.tar.gz ./webui/static/
|
||||
|
||||
- name: Artifact webui
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@v6
|
||||
with:
|
||||
name: webui.tar.gz
|
||||
path: webui.tar.gz
|
||||
|
||||
@@ -19,15 +19,16 @@ jobs:
|
||||
|
||||
test-gateway-api-conformance:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 20
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
|
||||
12
.github/workflows/test-integration.yaml
vendored
12
.github/workflows/test-integration.yaml
vendored
@@ -17,15 +17,16 @@ jobs:
|
||||
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 20
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
@@ -53,6 +54,7 @@ jobs:
|
||||
|
||||
test-integration:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 90
|
||||
needs:
|
||||
- build
|
||||
strategy:
|
||||
@@ -63,18 +65,18 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
|
||||
- name: Download traefik binary
|
||||
uses: actions/download-artifact@v4
|
||||
uses: actions/download-artifact@v7
|
||||
with:
|
||||
name: traefik
|
||||
path: ./dist/linux/amd64/
|
||||
|
||||
@@ -19,15 +19,16 @@ jobs:
|
||||
|
||||
test-knative-conformance:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 20
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
|
||||
|
||||
13
.github/workflows/test-unit.yaml
vendored
13
.github/workflows/test-unit.yaml
vendored
@@ -16,16 +16,17 @@ jobs:
|
||||
generate-packages:
|
||||
name: List Go Packages
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
outputs:
|
||||
matrix: ${{ steps.set-matrix.outputs.matrix }}
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
@@ -39,6 +40,7 @@ jobs:
|
||||
|
||||
test-unit:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
needs: generate-packages
|
||||
strategy:
|
||||
matrix:
|
||||
@@ -46,12 +48,12 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
@@ -62,10 +64,11 @@ jobs:
|
||||
|
||||
test-ui-unit:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
|
||||
17
.github/workflows/validate.yaml
vendored
17
.github/workflows/validate.yaml
vendored
@@ -7,22 +7,23 @@ on:
|
||||
|
||||
env:
|
||||
GO_VERSION: '1.24'
|
||||
GOLANGCI_LINT_VERSION: v2.0.2
|
||||
GOLANGCI_LINT_VERSION: v2.8.0
|
||||
MISSPELL_VERSION: v0.7.0
|
||||
|
||||
jobs:
|
||||
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
@@ -34,15 +35,16 @@ jobs:
|
||||
|
||||
validate:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
@@ -55,15 +57,16 @@ jobs:
|
||||
|
||||
validate-generate:
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 15
|
||||
|
||||
steps:
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v5
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Set up Go ${{ env.GO_VERSION }}
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
check-latest: true
|
||||
|
||||
@@ -36,6 +36,7 @@ linters:
|
||||
- nilnil # Not relevant
|
||||
- nlreturn # Not relevant
|
||||
- noctx # Too strict
|
||||
- noinlineerr # Too strict
|
||||
- nonamedreturns # Too strict
|
||||
- paralleltest # Not relevant
|
||||
- prealloc # Too many false-positive.
|
||||
@@ -47,6 +48,7 @@ linters:
|
||||
- varnamelen # Not relevant
|
||||
- wrapcheck # Too strict
|
||||
- wsl # Too strict
|
||||
- wsl_v5 # Too strict
|
||||
|
||||
settings:
|
||||
depguard:
|
||||
@@ -295,15 +297,31 @@ linters:
|
||||
source: 'errors.New\("Nomad provider'
|
||||
text: 'ST1005: error strings should not be capitalized'
|
||||
- path: (.+)\.go
|
||||
text: 'struct-tag: unknown option ''inline'' in JSON tag'
|
||||
text: 'omitzero: Omitempty has no effect on nested struct field'
|
||||
linters:
|
||||
- modernize
|
||||
- path: (.+)\.go
|
||||
text: 'struct-tag: unknown option "inline" in json tag'
|
||||
linters:
|
||||
- revive
|
||||
- path: (.+)\.go
|
||||
text: 'struct-tag: unknown option ''omitzero'' in TOML tag'
|
||||
text: 'struct-tag: unknown option "omitzero" in toml tag'
|
||||
linters:
|
||||
- revive
|
||||
- path: (pkg/types/.+|pkg/api/.+|pkg/observability/types/.+)\.go
|
||||
text: 'var-naming: avoid meaningless package names'
|
||||
linters:
|
||||
- revive
|
||||
- path: (pkg/muxer/http/.+|pkg/provider/http/.+)\.go
|
||||
text: 'var-naming: avoid package names that conflict with Go standard library package names'
|
||||
linters:
|
||||
- revive
|
||||
- path: (.+)\.go$
|
||||
text: 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
|
||||
- path: (.+)\.go$
|
||||
text: 'SA1019: dynamic.(TCPIPWhiteList|IPWhiteList) is deprecated: please use IPAllowList instead.'
|
||||
- path: (.+)\.go$
|
||||
text: 'SA1019: middlewareTCP.Spec.IPWhiteList is deprecated: please use IPAllowList instead.'
|
||||
- path: (.+)\.go$
|
||||
text: 'SA1019: cfg.(SSLRedirect|SSLTemporaryRedirect|SSLHost|SSLForceHost|FeaturePolicy) is deprecated'
|
||||
- path: (.+)\.go$
|
||||
|
||||
@@ -10,6 +10,7 @@ import (
|
||||
// TraefikCmdConfiguration wraps the static configuration and extra parameters.
|
||||
type TraefikCmdConfiguration struct {
|
||||
static.Configuration `export:"true"`
|
||||
|
||||
// ConfigFile is the path to the configuration file.
|
||||
ConfigFile string `description:"Configuration file to use. If specified all other flags are ignored." export:"true"`
|
||||
}
|
||||
|
||||
@@ -61,7 +61,12 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
|
||||
return nil, fmt.Errorf("ping: missing %s entry point", ep)
|
||||
}
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
client := &http.Client{
|
||||
Timeout: 5 * time.Second,
|
||||
Transport: &http.Transport{
|
||||
Proxy: nil,
|
||||
},
|
||||
}
|
||||
protocol := "http"
|
||||
|
||||
// TODO Handle TLS on ping etc...
|
||||
|
||||
@@ -83,7 +83,7 @@ func run(dest string) error {
|
||||
return err
|
||||
}
|
||||
|
||||
return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666)
|
||||
return os.WriteFile(filepath.Join(dest, "marshaler.go"), fmt.Appendf(nil, marsh, destPkg), 0o666)
|
||||
}
|
||||
|
||||
func cleanType(typ types.Type, base string) string {
|
||||
|
||||
@@ -231,6 +231,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
|
||||
|
||||
if staticConfiguration.API != nil {
|
||||
version.DisableDashboardAd = staticConfiguration.API.DisableDashboardAd
|
||||
version.DashboardName = staticConfiguration.API.DashboardName
|
||||
}
|
||||
|
||||
// Plugins
|
||||
|
||||
@@ -603,3 +603,25 @@ in [RFC3986 section-3](https://datatracker.ietf.org/doc/html/rfc3986#section-3).
|
||||
|
||||
Please check out the entrypoint [encodedCharacters option](../routing/entrypoints.md#encoded-characters) documentation
|
||||
for more details.
|
||||
|
||||
## v3.7.0
|
||||
|
||||
### Ingress NGINX Provider
|
||||
|
||||
Starting with `v3.7.0`, the Ingress NGINX provider now supports the `nginx.ingress.kubernetes.io/custom-headers` annotation to add custom headers to the response forwarded to the client.
|
||||
|
||||
Therefore, in the corresponding RBACs (see [KubernetesIngressNGINX](../reference/dynamic-configuration/kubernetes-ingress-nginx-rbac.yml) provider RBACs) the `configmaps` right has been added.
|
||||
|
||||
**Required RBAC Updates:**
|
||||
|
||||
```yaml
|
||||
...
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
...
|
||||
```
|
||||
|
||||
@@ -378,6 +378,9 @@
|
||||
serverName = "foobar"
|
||||
insecureSkipVerify = true
|
||||
rootCAs = ["foobar", "foobar"]
|
||||
cipherSuites = ["foobar", "foobar"]
|
||||
minVersion = "foobar"
|
||||
maxVersion = "foobar"
|
||||
maxIdleConnsPerHost = 42
|
||||
disableHTTP2 = true
|
||||
peerCertURI = "foobar"
|
||||
@@ -402,6 +405,9 @@
|
||||
serverName = "foobar"
|
||||
insecureSkipVerify = true
|
||||
rootCAs = ["foobar", "foobar"]
|
||||
cipherSuites = ["foobar", "foobar"]
|
||||
minVersion = "foobar"
|
||||
maxVersion = "foobar"
|
||||
maxIdleConnsPerHost = 42
|
||||
disableHTTP2 = true
|
||||
peerCertURI = "foobar"
|
||||
|
||||
@@ -437,6 +437,11 @@ http:
|
||||
keyFile: foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
cipherSuites:
|
||||
- foobar
|
||||
- foobar
|
||||
minVersion: foobar
|
||||
maxVersion: foobar
|
||||
maxIdleConnsPerHost: 42
|
||||
forwardingTimeouts:
|
||||
dialTimeout: 42s
|
||||
@@ -462,6 +467,11 @@ http:
|
||||
keyFile: foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
cipherSuites:
|
||||
- foobar
|
||||
- foobar
|
||||
minVersion: foobar
|
||||
maxVersion: foobar
|
||||
maxIdleConnsPerHost: 42
|
||||
forwardingTimeouts:
|
||||
dialTimeout: 42s
|
||||
|
||||
@@ -47,6 +47,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
parentRefs:
|
||||
description: |-
|
||||
ParentRefs defines references to parent IngressRoute resources for multi-layer routing.
|
||||
@@ -373,6 +377,7 @@ spec:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
|
||||
|
||||
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
|
||||
type: string
|
||||
required:
|
||||
@@ -509,6 +514,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
@@ -584,6 +593,7 @@ spec:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/service/#proxy-protocol
|
||||
|
||||
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
|
||||
properties:
|
||||
version:
|
||||
@@ -606,6 +616,7 @@ spec:
|
||||
hence fully terminating the connection.
|
||||
It is a duration in milliseconds, defaulting to 100.
|
||||
A negative value means an infinite deadline (i.e. the reading capability is never closed).
|
||||
|
||||
Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
|
||||
type: integer
|
||||
tls:
|
||||
@@ -626,6 +637,7 @@ spec:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
|
||||
|
||||
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
|
||||
enum:
|
||||
- v3
|
||||
@@ -765,6 +777,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
@@ -1060,6 +1076,7 @@ spec:
|
||||
description: |-
|
||||
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
|
||||
be automatically set to a value derived from the contents of the response.
|
||||
|
||||
Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
|
||||
type: boolean
|
||||
type: object
|
||||
@@ -1088,6 +1105,39 @@ spec:
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
encodedCharacters:
|
||||
description: EncodedCharacters configures which encoded characters
|
||||
are allowed in the request path.
|
||||
properties:
|
||||
allowEncodedBackSlash:
|
||||
description: AllowEncodedBackSlash defines whether requests with
|
||||
encoded back slash characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedHash:
|
||||
description: AllowEncodedHash defines whether requests with encoded
|
||||
hash characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedNullCharacter:
|
||||
description: AllowEncodedNullCharacter defines whether requests
|
||||
with encoded null characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedPercent:
|
||||
description: AllowEncodedPercent defines whether requests with
|
||||
encoded percent characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedQuestionMark:
|
||||
description: AllowEncodedQuestionMark defines whether requests
|
||||
with encoded question mark characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedSemicolon:
|
||||
description: AllowEncodedSemicolon defines whether requests with
|
||||
encoded semicolon characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedSlash:
|
||||
description: AllowEncodedSlash defines whether requests with encoded
|
||||
slash characters in the path are allowed.
|
||||
type: boolean
|
||||
type: object
|
||||
errors:
|
||||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
@@ -2212,8 +2262,9 @@ spec:
|
||||
description: |-
|
||||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/middlewares/ipwhitelist/
|
||||
|
||||
Deprecated: please use IPAllowList instead.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
@@ -2280,6 +2331,12 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: CipherSuites defines the cipher suites to use when contacting
|
||||
backend servers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: DisableHTTP2 disables HTTP/2 for connections with backend
|
||||
servers.
|
||||
@@ -2340,6 +2397,14 @@ spec:
|
||||
to keep per-host.
|
||||
minimum: -1
|
||||
type: integer
|
||||
maxVersion:
|
||||
description: MaxVersion defines the maximum TLS version to use when
|
||||
contacting backend servers.
|
||||
type: string
|
||||
minVersion:
|
||||
description: MinVersion defines the minimum TLS version to use when
|
||||
contacting backend servers.
|
||||
type: string
|
||||
peerCertURI:
|
||||
description: PeerCertURI defines the peer cert URI used to match against
|
||||
SAN URI during the peer certificate verification.
|
||||
@@ -2370,6 +2435,7 @@ spec:
|
||||
rootCAsSecrets:
|
||||
description: |-
|
||||
RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
|
||||
|
||||
Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
|
||||
items:
|
||||
type: string
|
||||
@@ -2524,6 +2590,7 @@ spec:
|
||||
rootCAsSecrets:
|
||||
description: |-
|
||||
RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
|
||||
|
||||
Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
|
||||
items:
|
||||
type: string
|
||||
@@ -2659,6 +2726,7 @@ spec:
|
||||
description: |-
|
||||
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
|
||||
Deprecated: https://github.com/golang/go/issues/45430
|
||||
type: boolean
|
||||
sniStrict:
|
||||
|
||||
@@ -8,6 +8,7 @@ rules:
|
||||
resources:
|
||||
- services
|
||||
- secrets
|
||||
- configmaps
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
|
||||
@@ -237,6 +237,8 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates0keyFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates0keyFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates0keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates1certFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates1certFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates1certFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/certFile`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates1keyFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates1keyFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates1keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0cipherSuites0" href="#opt-traefikhttpserversTransportsServersTransport0cipherSuites0" title="#opt-traefikhttpserversTransportsServersTransport0cipherSuites0">`traefik/http/serversTransports/ServersTransport0/cipherSuites/0`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0cipherSuites1" href="#opt-traefikhttpserversTransportsServersTransport0cipherSuites1" title="#opt-traefikhttpserversTransportsServersTransport0cipherSuites1">`traefik/http/serversTransports/ServersTransport0/cipherSuites/1`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0disableHTTP2" href="#opt-traefikhttpserversTransportsServersTransport0disableHTTP2" title="#opt-traefikhttpserversTransportsServersTransport0disableHTTP2">`traefik/http/serversTransports/ServersTransport0/disableHTTP2`</a> | `true` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout`</a> | `42s` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
|
||||
@@ -245,6 +247,8 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify" href="#opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify" title="#opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify">`traefik/http/serversTransports/ServersTransport0/insecureSkipVerify`</a> | `true` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" href="#opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" title="#opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost`</a> | `42` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0maxVersion" href="#opt-traefikhttpserversTransportsServersTransport0maxVersion" title="#opt-traefikhttpserversTransportsServersTransport0maxVersion">`traefik/http/serversTransports/ServersTransport0/maxVersion`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0minVersion" href="#opt-traefikhttpserversTransportsServersTransport0minVersion" title="#opt-traefikhttpserversTransportsServersTransport0minVersion">`traefik/http/serversTransports/ServersTransport0/minVersion`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0peerCertURI" href="#opt-traefikhttpserversTransportsServersTransport0peerCertURI" title="#opt-traefikhttpserversTransportsServersTransport0peerCertURI">`traefik/http/serversTransports/ServersTransport0/peerCertURI`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0rootCAs0" href="#opt-traefikhttpserversTransportsServersTransport0rootCAs0" title="#opt-traefikhttpserversTransportsServersTransport0rootCAs0">`traefik/http/serversTransports/ServersTransport0/rootCAs/0`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport0rootCAs1" href="#opt-traefikhttpserversTransportsServersTransport0rootCAs1" title="#opt-traefikhttpserversTransportsServersTransport0rootCAs1">`traefik/http/serversTransports/ServersTransport0/rootCAs/1`</a> | `foobar` |
|
||||
@@ -256,6 +260,8 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates0keyFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates0keyFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates0keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates1certFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates1certFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates1certFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/certFile`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates1keyFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates1keyFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates1keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1cipherSuites0" href="#opt-traefikhttpserversTransportsServersTransport1cipherSuites0" title="#opt-traefikhttpserversTransportsServersTransport1cipherSuites0">`traefik/http/serversTransports/ServersTransport1/cipherSuites/0`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1cipherSuites1" href="#opt-traefikhttpserversTransportsServersTransport1cipherSuites1" title="#opt-traefikhttpserversTransportsServersTransport1cipherSuites1">`traefik/http/serversTransports/ServersTransport1/cipherSuites/1`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1disableHTTP2" href="#opt-traefikhttpserversTransportsServersTransport1disableHTTP2" title="#opt-traefikhttpserversTransportsServersTransport1disableHTTP2">`traefik/http/serversTransports/ServersTransport1/disableHTTP2`</a> | `true` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout`</a> | `42s` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
|
||||
@@ -264,6 +270,8 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify" href="#opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify" title="#opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify">`traefik/http/serversTransports/ServersTransport1/insecureSkipVerify`</a> | `true` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" href="#opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" title="#opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost`</a> | `42` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1maxVersion" href="#opt-traefikhttpserversTransportsServersTransport1maxVersion" title="#opt-traefikhttpserversTransportsServersTransport1maxVersion">`traefik/http/serversTransports/ServersTransport1/maxVersion`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1minVersion" href="#opt-traefikhttpserversTransportsServersTransport1minVersion" title="#opt-traefikhttpserversTransportsServersTransport1minVersion">`traefik/http/serversTransports/ServersTransport1/minVersion`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1peerCertURI" href="#opt-traefikhttpserversTransportsServersTransport1peerCertURI" title="#opt-traefikhttpserversTransportsServersTransport1peerCertURI">`traefik/http/serversTransports/ServersTransport1/peerCertURI`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1rootCAs0" href="#opt-traefikhttpserversTransportsServersTransport1rootCAs0" title="#opt-traefikhttpserversTransportsServersTransport1rootCAs0">`traefik/http/serversTransports/ServersTransport1/rootCAs/0`</a> | `foobar` |
|
||||
| <a id="opt-traefikhttpserversTransportsServersTransport1rootCAs1" href="#opt-traefikhttpserversTransportsServersTransport1rootCAs1" title="#opt-traefikhttpserversTransportsServersTransport1rootCAs1">`traefik/http/serversTransports/ServersTransport1/rootCAs/1`</a> | `foobar` |
|
||||
|
||||
@@ -1,114 +0,0 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.16.1
|
||||
name: tlsoptions.traefik.containo.us
|
||||
spec:
|
||||
group: traefik.containo.us
|
||||
names:
|
||||
kind: TLSOption
|
||||
listKind: TLSOptionList
|
||||
plural: tlsoptions
|
||||
singular: tlsoption
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: |-
|
||||
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
|
||||
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#tls-options
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TLSOptionSpec defines the desired state of a TLSOption.
|
||||
properties:
|
||||
alpnProtocols:
|
||||
description: |-
|
||||
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
|
||||
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#alpn-protocols
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: |-
|
||||
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
|
||||
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#cipher-suites
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clientAuth:
|
||||
description: ClientAuth defines the server's policy for TLS Client
|
||||
Authentication.
|
||||
properties:
|
||||
clientAuthType:
|
||||
description: ClientAuthType defines the client authentication
|
||||
type to apply.
|
||||
enum:
|
||||
- NoClientCert
|
||||
- RequestClientCert
|
||||
- RequireAnyClientCert
|
||||
- VerifyClientCertIfGiven
|
||||
- RequireAndVerifyClientCert
|
||||
type: string
|
||||
secretNames:
|
||||
description: SecretNames defines the names of the referenced Kubernetes
|
||||
Secret storing certificate details.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
curvePreferences:
|
||||
description: |-
|
||||
CurvePreferences defines the preferred elliptic curves.
|
||||
More info: https://doc.traefik.io/traefik/v2.11/https/tls/#curve-preferences
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
maxVersion:
|
||||
description: |-
|
||||
MaxVersion defines the maximum TLS version that Traefik will accept.
|
||||
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
||||
Default: None.
|
||||
type: string
|
||||
minVersion:
|
||||
description: |-
|
||||
MinVersion defines the minimum TLS version that Traefik will accept.
|
||||
Possible values: VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13.
|
||||
Default: VersionTLS10.
|
||||
type: string
|
||||
preferServerCipherSuites:
|
||||
description: |-
|
||||
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
Deprecated: https://github.com/golang/go/issues/45430
|
||||
type: boolean
|
||||
sniStrict:
|
||||
description: SniStrict defines whether Traefik allows connections
|
||||
from clients connections that do not specify a server_name extension.
|
||||
type: boolean
|
||||
type: object
|
||||
required:
|
||||
- metadata
|
||||
- spec
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
@@ -48,6 +48,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
parentRefs:
|
||||
description: |-
|
||||
ParentRefs defines references to parent IngressRoute resources for multi-layer routing.
|
||||
@@ -374,6 +378,7 @@ spec:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
|
||||
|
||||
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
|
||||
type: string
|
||||
required:
|
||||
|
||||
@@ -48,6 +48,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
@@ -123,6 +127,7 @@ spec:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/service/#proxy-protocol
|
||||
|
||||
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
|
||||
properties:
|
||||
version:
|
||||
@@ -145,6 +150,7 @@ spec:
|
||||
hence fully terminating the connection.
|
||||
It is a duration in milliseconds, defaulting to 100.
|
||||
A negative value means an infinite deadline (i.e. the reading capability is never closed).
|
||||
|
||||
Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
|
||||
type: integer
|
||||
tls:
|
||||
@@ -165,6 +171,7 @@ spec:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
|
||||
|
||||
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
|
||||
enum:
|
||||
- v3
|
||||
|
||||
@@ -48,6 +48,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
|
||||
@@ -231,6 +231,7 @@ spec:
|
||||
description: |-
|
||||
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
|
||||
be automatically set to a value derived from the contents of the response.
|
||||
|
||||
Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
|
||||
type: boolean
|
||||
type: object
|
||||
@@ -259,6 +260,39 @@ spec:
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
encodedCharacters:
|
||||
description: EncodedCharacters configures which encoded characters
|
||||
are allowed in the request path.
|
||||
properties:
|
||||
allowEncodedBackSlash:
|
||||
description: AllowEncodedBackSlash defines whether requests with
|
||||
encoded back slash characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedHash:
|
||||
description: AllowEncodedHash defines whether requests with encoded
|
||||
hash characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedNullCharacter:
|
||||
description: AllowEncodedNullCharacter defines whether requests
|
||||
with encoded null characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedPercent:
|
||||
description: AllowEncodedPercent defines whether requests with
|
||||
encoded percent characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedQuestionMark:
|
||||
description: AllowEncodedQuestionMark defines whether requests
|
||||
with encoded question mark characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedSemicolon:
|
||||
description: AllowEncodedSemicolon defines whether requests with
|
||||
encoded semicolon characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedSlash:
|
||||
description: AllowEncodedSlash defines whether requests with encoded
|
||||
slash characters in the path are allowed.
|
||||
type: boolean
|
||||
type: object
|
||||
errors:
|
||||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
|
||||
@@ -69,8 +69,9 @@ spec:
|
||||
description: |-
|
||||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/middlewares/ipwhitelist/
|
||||
|
||||
Deprecated: please use IPAllowList instead.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
|
||||
@@ -49,6 +49,12 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: CipherSuites defines the cipher suites to use when contacting
|
||||
backend servers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: DisableHTTP2 disables HTTP/2 for connections with backend
|
||||
servers.
|
||||
@@ -109,6 +115,14 @@ spec:
|
||||
to keep per-host.
|
||||
minimum: -1
|
||||
type: integer
|
||||
maxVersion:
|
||||
description: MaxVersion defines the maximum TLS version to use when
|
||||
contacting backend servers.
|
||||
type: string
|
||||
minVersion:
|
||||
description: MinVersion defines the minimum TLS version to use when
|
||||
contacting backend servers.
|
||||
type: string
|
||||
peerCertURI:
|
||||
description: PeerCertURI defines the peer cert URI used to match against
|
||||
SAN URI during the peer certificate verification.
|
||||
@@ -139,6 +153,7 @@ spec:
|
||||
rootCAsSecrets:
|
||||
description: |-
|
||||
RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
|
||||
|
||||
Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
|
||||
items:
|
||||
type: string
|
||||
|
||||
@@ -124,6 +124,7 @@ spec:
|
||||
rootCAsSecrets:
|
||||
description: |-
|
||||
RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
|
||||
|
||||
Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
|
||||
items:
|
||||
type: string
|
||||
|
||||
@@ -103,6 +103,7 @@ spec:
|
||||
description: |-
|
||||
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
|
||||
Deprecated: https://github.com/golang/go/issues/45430
|
||||
type: boolean
|
||||
sniStrict:
|
||||
|
||||
@@ -10,6 +10,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-accesslog" href="#opt-accesslog" title="#opt-accesslog">accesslog</a> | Access log settings. | false |
|
||||
| <a id="opt-accesslog-addinternals" href="#opt-accesslog-addinternals" title="#opt-accesslog-addinternals">accesslog.addinternals</a> | Enables access log for internal services (ping, dashboard, etc...). | false |
|
||||
| <a id="opt-accesslog-bufferingsize" href="#opt-accesslog-bufferingsize" title="#opt-accesslog-bufferingsize">accesslog.bufferingsize</a> | Number of access log lines to process in a buffered way. | 0 |
|
||||
| <a id="opt-accesslog-dualoutput" href="#opt-accesslog-dualoutput" title="#opt-accesslog-dualoutput">accesslog.dualoutput</a> | Enables access log output alongside OTLP. By default, this output is disabled when OTLP is configured. | false |
|
||||
| <a id="opt-accesslog-fields-defaultmode" href="#opt-accesslog-fields-defaultmode" title="#opt-accesslog-fields-defaultmode">accesslog.fields.defaultmode</a> | Default mode for fields: keep | drop | keep |
|
||||
| <a id="opt-accesslog-fields-headers-defaultmode" href="#opt-accesslog-fields-headers-defaultmode" title="#opt-accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
|
||||
| <a id="opt-accesslog-fields-headers-names-name" href="#opt-accesslog-fields-headers-names-name" title="#opt-accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
|
||||
@@ -40,6 +41,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-api" href="#opt-api" title="#opt-api">api</a> | Enable api/dashboard. | false |
|
||||
| <a id="opt-api-basepath" href="#opt-api-basepath" title="#opt-api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / |
|
||||
| <a id="opt-api-dashboard" href="#opt-api-dashboard" title="#opt-api-dashboard">api.dashboard</a> | Activate dashboard. | true |
|
||||
| <a id="opt-api-dashboardname" href="#opt-api-dashboardname" title="#opt-api-dashboardname">api.dashboardname</a> | Custom name for the dashboard. | |
|
||||
| <a id="opt-api-debug" href="#opt-api-debug" title="#opt-api-debug">api.debug</a> | Enable additional endpoints for debugging and profiling. | false |
|
||||
| <a id="opt-api-disabledashboardad" href="#opt-api-disabledashboardad" title="#opt-api-disabledashboardad">api.disabledashboardad</a> | Disable ad in the dashboard. | false |
|
||||
| <a id="opt-api-insecure" href="#opt-api-insecure" title="#opt-api-insecure">api.insecure</a> | Activate API directly on the entryPoint named traefik. | false |
|
||||
@@ -49,6 +51,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-certificatesresolvers-name-acme-caservername" href="#opt-certificatesresolvers-name-acme-caservername" title="#opt-certificatesresolvers-name-acme-caservername">certificatesresolvers._name_.acme.caservername</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
|
||||
| <a id="opt-certificatesresolvers-name-acme-casystemcertpool" href="#opt-certificatesresolvers-name-acme-casystemcertpool" title="#opt-certificatesresolvers-name-acme-casystemcertpool">certificatesresolvers._name_.acme.casystemcertpool</a> | Define if the certificates pool must use a copy of the system cert pool. | false |
|
||||
| <a id="opt-certificatesresolvers-name-acme-certificatesduration" href="#opt-certificatesresolvers-name-acme-certificatesduration" title="#opt-certificatesresolvers-name-acme-certificatesduration">certificatesresolvers._name_.acme.certificatesduration</a> | Certificates' duration in hours. | 2160 |
|
||||
| <a id="opt-certificatesresolvers-name-acme-certificatetimeout" href="#opt-certificatesresolvers-name-acme-certificatetimeout" title="#opt-certificatesresolvers-name-acme-certificatetimeout">certificatesresolvers._name_.acme.certificatetimeout</a> | Timeout for obtaining the certificate during the finalization request. | 30 |
|
||||
| <a id="opt-certificatesresolvers-name-acme-clientresponseheadertimeout" href="#opt-certificatesresolvers-name-acme-clientresponseheadertimeout" title="#opt-certificatesresolvers-name-acme-clientresponseheadertimeout">certificatesresolvers._name_.acme.clientresponseheadertimeout</a> | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
|
||||
| <a id="opt-certificatesresolvers-name-acme-clienttimeout" href="#opt-certificatesresolvers-name-acme-clienttimeout" title="#opt-certificatesresolvers-name-acme-clienttimeout">certificatesresolvers._name_.acme.clienttimeout</a> | Timeout for a complete HTTP transaction with the ACME server. | 120 |
|
||||
| <a id="opt-certificatesresolvers-name-acme-disablecommonname" href="#opt-certificatesresolvers-name-acme-disablecommonname" title="#opt-certificatesresolvers-name-acme-disablecommonname">certificatesresolvers._name_.acme.disablecommonname</a> | Disable the common name in the CSR. | false |
|
||||
@@ -83,6 +86,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-entrypoints-name-asdefault" href="#opt-entrypoints-name-asdefault" title="#opt-entrypoints-name-asdefault">entrypoints._name_.asdefault</a> | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
|
||||
| <a id="opt-entrypoints-name-forwardedheaders-connection" href="#opt-entrypoints-name-forwardedheaders-connection" title="#opt-entrypoints-name-forwardedheaders-connection">entrypoints._name_.forwardedheaders.connection</a> | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
|
||||
| <a id="opt-entrypoints-name-forwardedheaders-insecure" href="#opt-entrypoints-name-forwardedheaders-insecure" title="#opt-entrypoints-name-forwardedheaders-insecure">entrypoints._name_.forwardedheaders.insecure</a> | Trust all forwarded headers. | false |
|
||||
| <a id="opt-entrypoints-name-forwardedheaders-notappendxforwardedfor" href="#opt-entrypoints-name-forwardedheaders-notappendxforwardedfor" title="#opt-entrypoints-name-forwardedheaders-notappendxforwardedfor">entrypoints._name_.forwardedheaders.notappendxforwardedfor</a> | Disable appending RemoteAddr to X-Forwarded-For header. Defaults to false (appending is enabled). | false |
|
||||
| <a id="opt-entrypoints-name-forwardedheaders-trustedips" href="#opt-entrypoints-name-forwardedheaders-trustedips" title="#opt-entrypoints-name-forwardedheaders-trustedips">entrypoints._name_.forwardedheaders.trustedips</a> | Trust only forwarded headers from selected IPs. | |
|
||||
| <a id="opt-entrypoints-name-http" href="#opt-entrypoints-name-http" title="#opt-entrypoints-name-http">entrypoints._name_.http</a> | HTTP configuration. | |
|
||||
| <a id="opt-entrypoints-name-http-encodedcharacters-allowencodedbackslash" href="#opt-entrypoints-name-http-encodedcharacters-allowencodedbackslash" title="#opt-entrypoints-name-http-encodedcharacters-allowencodedbackslash">entrypoints._name_.http.encodedcharacters.allowencodedbackslash</a> | Defines whether requests with encoded back slash characters in the path are allowed. | true |
|
||||
@@ -148,6 +152,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-experimental-plugins-name-settings-useunsafe" href="#opt-experimental-plugins-name-settings-useunsafe" title="#opt-experimental-plugins-name-settings-useunsafe">experimental.plugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe and syscall packages. | false |
|
||||
| <a id="opt-experimental-plugins-name-version" href="#opt-experimental-plugins-name-version" title="#opt-experimental-plugins-name-version">experimental.plugins._name_.version</a> | plugin's version. | |
|
||||
| <a id="opt-global-checknewversion" href="#opt-global-checknewversion" title="#opt-global-checknewversion">global.checknewversion</a> | Periodically check if a new version has been released. | true |
|
||||
| <a id="opt-global-notappendxforwardedfor" href="#opt-global-notappendxforwardedfor" title="#opt-global-notappendxforwardedfor">global.notappendxforwardedfor</a> | Disable appending RemoteAddr to X-Forwarded-For header. Defaults to false (appending is enabled). | false |
|
||||
| <a id="opt-global-sendanonymoususage" href="#opt-global-sendanonymoususage" title="#opt-global-sendanonymoususage">global.sendanonymoususage</a> | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
|
||||
| <a id="opt-hostresolver" href="#opt-hostresolver" title="#opt-hostresolver">hostresolver</a> | Enable CNAME Flattening. | false |
|
||||
| <a id="opt-hostresolver-cnameflattening" href="#opt-hostresolver-cnameflattening" title="#opt-hostresolver-cnameflattening">hostresolver.cnameflattening</a> | A flag to enable/disable CNAME flattening | false |
|
||||
@@ -349,7 +354,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
|
||||
| <a id="opt-providers-kubernetescrd-certauthfilepath" href="#opt-providers-kubernetescrd-certauthfilepath" title="#opt-providers-kubernetescrd-certauthfilepath">providers.kubernetescrd.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
|
||||
| <a id="opt-providers-kubernetescrd-disableclusterscoperesources" href="#opt-providers-kubernetescrd-disableclusterscoperesources" title="#opt-providers-kubernetescrd-disableclusterscoperesources">providers.kubernetescrd.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
|
||||
| <a id="opt-providers-kubernetescrd-endpoint" href="#opt-providers-kubernetescrd-endpoint" title="#opt-providers-kubernetescrd-endpoint">providers.kubernetescrd.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
|
||||
| <a id="opt-providers-kubernetescrd-ingressclass" href="#opt-providers-kubernetescrd-ingressclass" title="#opt-providers-kubernetescrd-ingressclass">providers.kubernetescrd.ingressclass</a> | Value of kubernetes.io/ingress.class annotation to watch for. | |
|
||||
| <a id="opt-providers-kubernetescrd-ingressclass" href="#opt-providers-kubernetescrd-ingressclass" title="#opt-providers-kubernetescrd-ingressclass">providers.kubernetescrd.ingressclass</a> | Value of ingressClassName field or kubernetes.io/ingress.class annotation to watch for. | |
|
||||
| <a id="opt-providers-kubernetescrd-labelselector" href="#opt-providers-kubernetescrd-labelselector" title="#opt-providers-kubernetescrd-labelselector">providers.kubernetescrd.labelselector</a> | Kubernetes label selector to use. | |
|
||||
| <a id="opt-providers-kubernetescrd-namespaces" href="#opt-providers-kubernetescrd-namespaces" title="#opt-providers-kubernetescrd-namespaces">providers.kubernetescrd.namespaces</a> | Kubernetes namespaces. | |
|
||||
| <a id="opt-providers-kubernetescrd-nativelbbydefault" href="#opt-providers-kubernetescrd-nativelbbydefault" title="#opt-providers-kubernetescrd-nativelbbydefault">providers.kubernetescrd.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
|
||||
|
||||
@@ -90,6 +90,7 @@ additionalArguments:
|
||||
| <a id="opt-asDefault" href="#opt-asDefault" title="#opt-asDefault">`asDefault`</a> | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault). | false | No |
|
||||
| <a id="opt-forwardedHeaders-trustedIPs" href="#opt-forwardedHeaders-trustedIPs" title="#opt-forwardedHeaders-trustedIPs">`forwardedHeaders.trustedIPs`</a> | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`). | - | No |
|
||||
| <a id="opt-forwardedHeaders-insecure" href="#opt-forwardedHeaders-insecure" title="#opt-forwardedHeaders-insecure">`forwardedHeaders.insecure`</a> | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production. | false | No |
|
||||
| <a id="opt-forwardedHeaders-notAppendXForwardedFor" href="#opt-forwardedHeaders-notAppendXForwardedFor" title="#opt-forwardedHeaders-notAppendXForwardedFor">`forwardedHeaders.`<br />`notAppendXForwardedFor`</a> | When set to `true`, Traefik will not append the client's `RemoteAddr` to the `X-Forwarded-For` header. The existing header is preserved as-is. If no `X-Forwarded-For` header exists, none will be added. | false | No |
|
||||
| <a id="opt-http-redirections-entryPoint-to" href="#opt-http-redirections-entryPoint-to" title="#opt-http-redirections-entryPoint-to">`http.redirections.`<br />`entryPoint.to`</a> | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`). | - | Yes |
|
||||
| <a id="opt-http-redirections-entryPoint-scheme" href="#opt-http-redirections-entryPoint-scheme" title="#opt-http-redirections-entryPoint-scheme">`http.redirections.`<br />`entryPoint.scheme`</a> | The target scheme to use for (permanent) redirection of all incoming requests. | https | No |
|
||||
| <a id="opt-http-redirections-entryPoint-permanent" href="#opt-http-redirections-entryPoint-permanent" title="#opt-http-redirections-entryPoint-permanent">`http.redirections.`<br />`entryPoint.permanent`</a> | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`). | false | No |
|
||||
|
||||
@@ -141,6 +141,9 @@ Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the
|
||||
|
||||
Access logs concern everything that happens to the requests handled by Traefik.
|
||||
|
||||
!!! note "Stdio logs are not enabled by default alongside OTLP exports"
|
||||
If you would like Stdio access logs to be available, use [accessLog.dualOutput](#opt-accesslog-dualOutput) option.
|
||||
|
||||
### Configuration Example
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
@@ -195,6 +198,7 @@ accessLog:
|
||||
|
||||
```sh tab="CLI"
|
||||
--accesslog=true
|
||||
--accesslog.dualoutput=true
|
||||
--accesslog.format=json
|
||||
--accesslog.filters.statuscodes=200,300-302
|
||||
--accesslog.filters.retryattempts
|
||||
@@ -213,6 +217,7 @@ The section below describes how to configure Traefik access logs using the stati
|
||||
| Field | Description | Default | Required |
|
||||
|:-----------|:--------------------------|:--------|:---------|
|
||||
| <a id="opt-accesslog-filePath" href="#opt-accesslog-filePath" title="#opt-accesslog-filePath">`accesslog.filePath`</a> | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| | No |
|
||||
| <a id="opt-accesslog-dualOutput" href="#opt-accesslog-dualOutput" title="#opt-accesslog-dualOutput">`accesslog.dualOutput`</a> | Force Stdio logging, even if OTLP is configured. By default, Stdio logging is disabled when OTLP is enabled for performance reasons. | false | No |
|
||||
| <a id="opt-accesslog-format" href="#opt-accesslog-format" title="#opt-accesslog-format">`accesslog.format`</a> | By default, logs are written using the Traefik Common Log Format (CLF).<br />Available formats: [`common`](#traefik-clf-format-fields) (Traefik extended CLF), [`genericCLF`](#generic-clf-format-fields) (standard CLF compatible with analyzers), or [`json`](#json-format-fields).<br />If the given format is unsupported, the default (`common`) is used instead. | "common" | No |
|
||||
| <a id="opt-accesslog-bufferingSize" href="#opt-accesslog-bufferingSize" title="#opt-accesslog-bufferingSize">`accesslog.bufferingSize`</a> | To write the logs in an asynchronous fashion, specify a `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No |
|
||||
| <a id="opt-accesslog-addInternals" href="#opt-accesslog-addInternals" title="#opt-accesslog-addInternals">`accesslog.addInternals`</a> | Enables access logs for internal resources (e.g.: `ping@internal`). | false | No |
|
||||
@@ -252,6 +257,8 @@ experimental:
|
||||
otlpLogs: true
|
||||
|
||||
accesslog:
|
||||
# Keep Stdio logs alongside OTEL logging
|
||||
dualOutput: true
|
||||
otlp:
|
||||
http:
|
||||
endpoint: https://collector:4318/v1/logs
|
||||
@@ -263,6 +270,9 @@ accesslog:
|
||||
[experimental]
|
||||
otlpLogs = true
|
||||
|
||||
[accessLog]
|
||||
dualOutput = true
|
||||
|
||||
[accesslog.otlp]
|
||||
http.endpoint = "https://collector:4318/v1/logs"
|
||||
http.headers.Authorization = "Bearer auth_asKXRhIMplM7El1JENjrotGouS1LYRdL"
|
||||
|
||||
@@ -60,7 +60,7 @@ providers:
|
||||
| <a id="opt-providers-kubernetesCRD-certAuthFilePath" href="#opt-providers-kubernetesCRD-certAuthFilePath" title="#opt-providers-kubernetesCRD-certAuthFilePath">`providers.kubernetesCRD.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
|
||||
| <a id="opt-providers-kubernetesCRD-namespaces" href="#opt-providers-kubernetesCRD-namespaces" title="#opt-providers-kubernetesCRD-namespaces">`providers.kubernetesCRD.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
|
||||
| <a id="opt-providers-kubernetesCRD-labelselector" href="#opt-providers-kubernetesCRD-labelselector" title="#opt-providers-kubernetesCRD-labelselector">`providers.kubernetesCRD.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
|
||||
| <a id="opt-providers-kubernetesCRD-ingressClass" href="#opt-providers-kubernetesCRD-ingressClass" title="#opt-providers-kubernetesCRD-ingressClass">`providers.kubernetesCRD.ingressClass`</a> | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
|
||||
| <a id="opt-providers-kubernetesCRD-ingressClass" href="#opt-providers-kubernetesCRD-ingressClass" title="#opt-providers-kubernetesCRD-ingressClass">`providers.kubernetesCRD.ingressClass`</a> | Value of `spec.ingressClassName` field (or the deprecated `kubernetes.io/ingress.class` annotation) that identifies resource objects to be processed.<br />If empty, resources missing the field/annotation, having an empty value, or the value `traefik` are processed.<br />The `spec.ingressClassName` field takes precedence over the annotation. | "" | No |
|
||||
| <a id="opt-providers-kubernetesCRD-throttleDuration" href="#opt-providers-kubernetesCRD-throttleDuration" title="#opt-providers-kubernetesCRD-throttleDuration">`providers.kubernetesCRD.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
|
||||
| <a id="opt-providers-kubernetesCRD-allowEmptyServices" href="#opt-providers-kubernetesCRD-allowEmptyServices" title="#opt-providers-kubernetesCRD-allowEmptyServices">`providers.kubernetesCRD.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
|
||||
| <a id="opt-providers-kubernetesCRD-allowCrossNamespace" href="#opt-providers-kubernetesCRD-allowCrossNamespace" title="#opt-providers-kubernetesCRD-allowCrossNamespace">`providers.kubernetesCRD.allowCrossNamespace`</a> | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false | No |
|
||||
|
||||
@@ -91,6 +91,7 @@ ACME certificate resolvers have the following configuration options:
|
||||
| <a id="opt-acme-certificatesDuration" href="#opt-acme-certificatesDuration" title="#opt-acme-certificatesDuration">`acme.certificatesDuration`</a> | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
|
||||
| <a id="opt-acme-clientTimeout" href="#opt-acme-clientTimeout" title="#opt-acme-clientTimeout">`acme.clientTimeout`</a> | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
|
||||
| <a id="opt-acme-clientResponseHeaderTimeout" href="#opt-acme-clientResponseHeaderTimeout" title="#opt-acme-clientResponseHeaderTimeout">`acme.clientResponseHeaderTimeout`</a> | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
|
||||
| <a id="opt-acme-certificateTimeout" href="#opt-acme-certificateTimeout" title="#opt-acme-certificateTimeout">`acme.certificateTimeout`</a> | Timeout for obtaining the certificate during the finalization request. Set this if the ACME server is slow to issue a certificate. | 30s | No |
|
||||
| <a id="opt-acme-dnsChallenge" href="#opt-acme-dnsChallenge" title="#opt-acme-dnsChallenge">`acme.dnsChallenge`</a> | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
|
||||
| <a id="opt-acme-dnsChallenge-provider" href="#opt-acme-dnsChallenge-provider" title="#opt-acme-dnsChallenge-provider">`acme.dnsChallenge.provider`</a> | DNS provider to use. | "" | No |
|
||||
| <a id="opt-acme-dnsChallenge-resolvers" href="#opt-acme-dnsChallenge-resolvers" title="#opt-acme-dnsChallenge-resolvers">`acme.dnsChallenge.resolvers`</a> | DNS servers to resolve the FQDN authority. | [] | No |
|
||||
|
||||
@@ -35,6 +35,11 @@ http:
|
||||
- "spiffe://example.org/id1"
|
||||
- "spiffe://example.org/id2"
|
||||
trustDomain: "example.org"
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
minVersion: VersionTLS12
|
||||
maxVersion: VersionTLS12
|
||||
```
|
||||
|
||||
```toml tab="Structured (TOML)"
|
||||
@@ -46,6 +51,9 @@ http:
|
||||
maxIdleConnsPerHost = 100
|
||||
disableHTTP2 = true
|
||||
peerCertURI = "spiffe://example.org/peer"
|
||||
cipherSuites = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"]
|
||||
minVersion = "VersionTLS12"
|
||||
maxVersion = "VersionTLS12"
|
||||
|
||||
[http.serversTransports.mytransport.forwardingTimeouts]
|
||||
dialTimeout = "30s"
|
||||
@@ -100,6 +108,9 @@ labels:
|
||||
| <a id="opt-certificates" href="#opt-certificates" title="#opt-certificates">`certificates`</a> | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | [] | No |
|
||||
| <a id="opt-insecureSkipVerify" href="#opt-insecureSkipVerify" title="#opt-insecureSkipVerify">`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
|
||||
| <a id="opt-rootcas" href="#opt-rootcas" title="#opt-rootcas">`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | [] | No |
|
||||
| <a id="opt-cipherSuites" href="#opt-cipherSuites" title="#opt-cipherSuites">`cipherSuites`</a> | Defines the cipher suites to use when contacting backend servers. | [] | No |
|
||||
| <a id="opt-minVersion" href="#opt-minVersion" title="#opt-minVersion">`minVersion`</a> | Defines the minimum TLS version to use when contacting backend servers. | "" | No |
|
||||
| <a id="opt-maxVersion" href="#opt-maxVersion" title="#opt-maxVersion">`maxVersion`</a> | Defines the maximum TLS version to use when contacting backend servers. | "" | No |
|
||||
| <a id="opt-maxIdleConnsPerHost" href="#opt-maxIdleConnsPerHost" title="#opt-maxIdleConnsPerHost">`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
|
||||
| <a id="opt-disableHTTP2" href="#opt-disableHTTP2" title="#opt-disableHTTP2">`disableHTTP2`</a> | Disables HTTP/2 for connections with servers. | false | No |
|
||||
| <a id="opt-peerCertURI" href="#opt-peerCertURI" title="#opt-peerCertURI">`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
|
||||
|
||||
@@ -0,0 +1,62 @@
|
||||
---
|
||||
title: "Traefik EncodedCharacters Documentation"
|
||||
description: "In Traefik Proxy, the EncodedCharacters middleware controls which ambiguous reserved encoded characters are allowed in the request path. Read the technical documentation."
|
||||
---
|
||||
|
||||
The EncodedCharacters middleware controls which ambiguous reserved encoded characters are allowed in the request path.
|
||||
|
||||
When you use this middleware, by default, potentially dangerous encoded characters are rejected for security enhancement.
|
||||
|
||||
## Configuration Examples
|
||||
|
||||
```yaml tab="Docker & Swarm"
|
||||
# Allow encoded slash in the request path.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-encodedchars.encodedcharacters.allowencodedslash=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
# Allow encoded slash in the request path.
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: Middleware
|
||||
metadata:
|
||||
name: test-encodedchars
|
||||
spec:
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
```
|
||||
|
||||
```yaml tab="Consul Catalog"
|
||||
# Allow encoded slash in the request path.
|
||||
- "traefik.http.middlewares.test-encodedchars.encodedcharacters.allowencodedslash=true"
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
# Allow encoded slash in the request path.
|
||||
http:
|
||||
middlewares:
|
||||
test-encodedchars:
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
# Allow encoded slash in the request path.
|
||||
[http.middlewares]
|
||||
[http.middlewares.test-encodedchars.encodedCharacters]
|
||||
allowEncodedSlash = true
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
|
||||
When you are configuring these options, check if your backend is fully compliant with [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986).
|
||||
This helps avoid split-view situation, where Traefik and your backend interpret the same URL differently.
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|-------------------------|--------------------------------------------------------------------|---------| -------- |
|
||||
| <a id="opt-allowEncodedSlash" href="#opt-allowEncodedSlash" title="#opt-allowEncodedSlash">`allowEncodedSlash`</a> | Allow encoded slash (`%2F` and `%2f`) in the request path. | `false` | No |
|
||||
| <a id="opt-allowEncodedBackSlash" href="#opt-allowEncodedBackSlash" title="#opt-allowEncodedBackSlash">`allowEncodedBackSlash`</a> | Allow encoded backslash (`%5C` and `%5c`) in the request path. | `false` | No |
|
||||
| <a id="opt-allowEncodedSemicolon" href="#opt-allowEncodedSemicolon" title="#opt-allowEncodedSemicolon">`allowEncodedSemicolon`</a> | Allow encoded semicolon (`%3B` and `%3b`) in the request path. | `false` | No |
|
||||
| <a id="opt-allowEncodedPercent" href="#opt-allowEncodedPercent" title="#opt-allowEncodedPercent">`allowEncodedPercent`</a> | Allow encoded percent (`%25`) in the request path. | `false` | No |
|
||||
| <a id="opt-allowEncodedQuestionMark" href="#opt-allowEncodedQuestionMark" title="#opt-allowEncodedQuestionMark">`allowEncodedQuestionMark`</a> | Allow encoded question mark (`%3F` and `%3f`) in the request path. | `false` | No |
|
||||
| <a id="opt-allowEncodedHash" href="#opt-allowEncodedHash" title="#opt-allowEncodedHash">`allowEncodedHash`</a> | Allow encoded hash (`%23`) in the request path. | `false` | No |
|
||||
@@ -18,8 +18,8 @@ Middlewares that use the same protocol can be combined into chains to fit every
|
||||
|
||||
## Available HTTP Middlewares
|
||||
|
||||
| Middleware | Purpose | Area |
|
||||
|-------------------------------------------|---------------------------------------------------|-----------------------------|
|
||||
| Middleware | Purpose | Area |
|
||||
|------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------|-----------------------------|
|
||||
| <a id="opt-AddPrefix" href="#opt-AddPrefix" title="#opt-AddPrefix">[AddPrefix](addprefix.md)</a> | Adds a Path Prefix | Path Modifier |
|
||||
| <a id="opt-BasicAuth" href="#opt-BasicAuth" title="#opt-BasicAuth">[BasicAuth](basicauth.md)</a> | Adds Basic Authentication | Security, Authentication |
|
||||
| <a id="opt-Buffering" href="#opt-Buffering" title="#opt-Buffering">[Buffering](buffering.md)</a> | Buffers the request/response | Request Lifecycle |
|
||||
@@ -28,6 +28,7 @@ Middlewares that use the same protocol can be combined into chains to fit every
|
||||
| <a id="opt-Compress" href="#opt-Compress" title="#opt-Compress">[Compress](compress.md)</a> | Compresses the response | Content Modifier |
|
||||
| <a id="opt-ContentType" href="#opt-ContentType" title="#opt-ContentType">[ContentType](contenttype.md)</a> | Handles Content-Type auto-detection | Misc |
|
||||
| <a id="opt-DigestAuth" href="#opt-DigestAuth" title="#opt-DigestAuth">[DigestAuth](digestauth.md)</a> | Adds Digest Authentication | Security, Authentication |
|
||||
| <a id="opt-EncodedCharacters" href="#opt-EncodedCharacters" title="#opt-EncodedCharacters">[EncodedCharacters](encodedcharacters.md)</a> | Defines allowed reserved encoded characters in the request path | Security, Request Lifecycle |
|
||||
| <a id="opt-Errors" href="#opt-Errors" title="#opt-Errors">[Errors](errorpages.md)</a> | Defines custom error pages | Request Lifecycle |
|
||||
| <a id="opt-ForwardAuth" href="#opt-ForwardAuth" title="#opt-ForwardAuth">[ForwardAuth](forwardauth.md)</a> | Delegates Authentication | Security, Authentication |
|
||||
| <a id="opt-GrpcWeb" href="#opt-GrpcWeb" title="#opt-GrpcWeb">[GrpcWeb](grpcweb.md)</a> | Converts gRPC Web requests to HTTP/2 gRPC requests. | Request |
|
||||
|
||||
@@ -103,7 +103,7 @@ labels:
|
||||
|----------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|----------|
|
||||
| <a id="opt-entryPoints" href="#opt-entryPoints" title="#opt-entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, HTTP routers are attached to all entry points. | All entry points | No |
|
||||
| <a id="opt-rule" href="#opt-rule" title="#opt-rule">`rule`</a> | Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service. See [Rules & Priority](./rules-and-priority.md) for details. | | Yes |
|
||||
| <a id="opt-priority" href="#opt-priority" title="#opt-priority">`priority`</a> | To avoid path overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
|
||||
| <a id="opt-priority" href="#opt-priority" title="#opt-priority">`priority`</a> | To avoid path overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. Negative values are supported. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
|
||||
| <a id="opt-middlewares" href="#opt-middlewares" title="#opt-middlewares">`middlewares`</a> | The list of middlewares that are applied to the router. Middlewares are applied in the order they are declared. See [Middlewares overview](../middlewares/overview.md) for available middlewares. | | No |
|
||||
| <a id="opt-tls" href="#opt-tls" title="#opt-tls">`tls`</a> | TLS configuration for the router. When specified, the router will only handle HTTPS requests. | | No |
|
||||
| <a id="opt-tls-certResolver" href="#opt-tls-certResolver" title="#opt-tls-certResolver">`tls.certResolver`</a> | The name of the certificate resolver to use for automatic certificate generation. See [Certificate Resolver](../tls/overview.md#certificate-resolver) for details. | | No |
|
||||
|
||||
@@ -225,6 +225,8 @@ The priority is directly equal to the length of the rule, and so the longest len
|
||||
|
||||
A value of `0` for the priority is ignored: `priority: 0` means that the default rules length sorting is used.
|
||||
|
||||
Negative priority values are supported.
|
||||
|
||||
Traefik reserves a range of priorities for its internal routers, the maximum user-defined router priority value is:
|
||||
|
||||
- `(MaxInt32 - 1000)` for 32-bit platforms,
|
||||
|
||||
@@ -21,6 +21,7 @@ metadata:
|
||||
namespace: apps
|
||||
|
||||
spec:
|
||||
ingressClassName: traefik-lb
|
||||
entryPoints:
|
||||
- web
|
||||
parentRefs:
|
||||
@@ -79,6 +80,7 @@ spec:
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
|
||||
| <a id="opt-ingressClassName" href="#opt-ingressClassName" title="#opt-ingressClassName">`ingressClassName`</a> | Defines the [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) cluster resource to use. It replaces the deprecated `kubernetes.io/ingress.class` annotation.<br />The spec field takes precedence over the annotation. | | No |
|
||||
| <a id="opt-entryPoints" href="#opt-entryPoints" title="#opt-entryPoints">`entryPoints`</a> | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No |
|
||||
| <a id="opt-parentRefs" href="#opt-parentRefs" title="#opt-parentRefs">`parentRefs`</a> | List of references to parent IngressRoute resources for multi-layer routing. When specified, this IngressRoute's routers become children of the referenced parent IngressRoute's routers. See [Multi-Layer Routing](#multi-layer-routing-with-ingressroutes) section for details. | | No |
|
||||
| <a id="opt-parentRefsn-name" href="#opt-parentRefsn-name" title="#opt-parentRefsn-name">`parentRefs[n].name`</a> | Name of the referenced parent IngressRoute resource. | | Yes |
|
||||
@@ -86,7 +88,7 @@ spec:
|
||||
| <a id="opt-routes" href="#opt-routes" title="#opt-routes">`routes`</a> | List of routes. | | Yes |
|
||||
| <a id="opt-routesn-kind" href="#opt-routesn-kind" title="#opt-routesn-kind">`routes[n].kind`</a> | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No |
|
||||
| <a id="opt-routesn-match" href="#opt-routesn-match" title="#opt-routesn-match">`routes[n].match`</a> | Defines the [rule](../../../http/routing/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes |
|
||||
| <a id="opt-routesn-priority" href="#opt-routesn-priority" title="#opt-routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../http/routing/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No |
|
||||
| <a id="opt-routesn-priority" href="#opt-routesn-priority" title="#opt-routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../http/routing/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used.<br />Negative values are supported. | 0 | No |
|
||||
| <a id="opt-routesn-middlewares" href="#opt-routesn-middlewares" title="#opt-routesn-middlewares">`routes[n].middlewares`</a> | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
|
||||
| <a id="opt-routesn-middlewaresm-name" href="#opt-routesn-middlewaresm-name" title="#opt-routesn-middlewaresm-name">`routes[n].`<br />`middlewares[m].`<br />`name`</a> | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
|
||||
| <a id="opt-routesn-middlewaresm-namespace" href="#opt-routesn-middlewaresm-namespace" title="#opt-routesn-middlewaresm-namespace">`routes[n].`<br />`middlewares[m].`<br />`namespace`</a> | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
|
||||
|
||||
@@ -67,6 +67,21 @@ spec:
|
||||
| <a id="opt-serverstransport-forwardingTimeouts-idleConnTimeout" href="#opt-serverstransport-forwardingTimeouts-idleConnTimeout" title="#opt-serverstransport-forwardingTimeouts-idleConnTimeout">`serverstransport.`<br />`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />Zero means no timeout. | 90s | No |
|
||||
| <a id="opt-serverstransport-spiffe-ids" href="#opt-serverstransport-spiffe-ids" title="#opt-serverstransport-spiffe-ids">`serverstransport.`<br />`spiffe.ids`</a> | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
|
||||
| <a id="opt-serverstransport-spiffe-trustDomain" href="#opt-serverstransport-spiffe-trustDomain" title="#opt-serverstransport-spiffe-trustDomain">`serverstransport.`<br />`spiffe.trustDomain`</a> | Allow SPIFFE trust domain. | "" | No |
|
||||
| <a id="opt-serverstransport-serverName-2" href="#opt-serverstransport-serverName-2" title="#opt-serverstransport-serverName-2">`serverstransport.`<br />`serverName`</a> | Defines the server name that will be used for SNI. | | No |
|
||||
| <a id="opt-serverstransport-insecureSkipVerify-2" href="#opt-serverstransport-insecureSkipVerify-2" title="#opt-serverstransport-insecureSkipVerify-2">`serverstransport.`<br />`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
|
||||
| <a id="opt-serverstransport-rootcas-2" href="#opt-serverstransport-rootcas-2" title="#opt-serverstransport-rootcas-2">`serverstransport.`<br />`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
|
||||
| <a id="opt-serverstransport-certificatesSecrets-2" href="#opt-serverstransport-certificatesSecrets-2" title="#opt-serverstransport-certificatesSecrets-2">`serverstransport.`<br />`certificatesSecrets`</a> | Certificates to present to the server for mTLS. | | No |
|
||||
| <a id="opt-serverstransport-cipherSuites" href="#opt-serverstransport-cipherSuites" title="#opt-serverstransport-cipherSuites">`serverstransport.`<br />`cipherSuites`</a> | Defines the cipher suites to use when contacting backend servers. | [] | No |
|
||||
| <a id="opt-serverstransport-minVersion" href="#opt-serverstransport-minVersion" title="#opt-serverstransport-minVersion">`serverstransport.`<br />`minVersion`</a> | Defines the minimum TLS version to use when contacting backend servers. | "" | No |
|
||||
| <a id="opt-serverstransport-maxVersion" href="#opt-serverstransport-maxVersion" title="#opt-serverstransport-maxVersion">`serverstransport.`<br />`maxVersion`</a> | Defines the maximum TLS version to use when contacting backend servers. | "" | No |
|
||||
| <a id="opt-serverstransport-maxIdleConnsPerHost-2" href="#opt-serverstransport-maxIdleConnsPerHost-2" title="#opt-serverstransport-maxIdleConnsPerHost-2">`serverstransport.`<br />`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
|
||||
| <a id="opt-serverstransport-disableHTTP2-2" href="#opt-serverstransport-disableHTTP2-2" title="#opt-serverstransport-disableHTTP2-2">`serverstransport.`<br />`disableHTTP2`</a> | Disables HTTP/2 for connections with servers. | false | No |
|
||||
| <a id="opt-serverstransport-peerCertURI-2" href="#opt-serverstransport-peerCertURI-2" title="#opt-serverstransport-peerCertURI-2">`serverstransport.`<br />`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
|
||||
| <a id="opt-serverstransport-forwardingTimeouts-dialTimeout-2" href="#opt-serverstransport-forwardingTimeouts-dialTimeout-2" title="#opt-serverstransport-forwardingTimeouts-dialTimeout-2">`serverstransport.`<br />`forwardingTimeouts.dialTimeout`</a> | Amount of time to wait until a connection to a server can be established.<br />Zero means no timeout. | 30s | No |
|
||||
| <a id="opt-serverstransport-forwardingTimeouts-responseHeaderTimeout-2" href="#opt-serverstransport-forwardingTimeouts-responseHeaderTimeout-2" title="#opt-serverstransport-forwardingTimeouts-responseHeaderTimeout-2">`serverstransport.`<br />`forwardingTimeouts.responseHeaderTimeout`</a> | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />Zero means no timeout | 0s | No |
|
||||
| <a id="opt-serverstransport-forwardingTimeouts-idleConnTimeout-2" href="#opt-serverstransport-forwardingTimeouts-idleConnTimeout-2" title="#opt-serverstransport-forwardingTimeouts-idleConnTimeout-2">`serverstransport.`<br />`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />Zero means no timeout. | 90s | No |
|
||||
| <a id="opt-serverstransport-spiffe-ids-2" href="#opt-serverstransport-spiffe-ids-2" title="#opt-serverstransport-spiffe-ids-2">`serverstransport.`<br />`spiffe.ids`</a> | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
|
||||
| <a id="opt-serverstransport-spiffe-trustDomain-2" href="#opt-serverstransport-spiffe-trustDomain-2" title="#opt-serverstransport-spiffe-trustDomain-2">`serverstransport.`<br />`spiffe.trustDomain`</a> | Allow SPIFFE trust domain. | "" | No |
|
||||
|
||||
!!! note "CA Secret"
|
||||
The CA secret must contain a base64 encoded certificate under either a tls.ca or a ca.crt key.
|
||||
|
||||
@@ -24,6 +24,7 @@ metadata:
|
||||
namespace: apps
|
||||
|
||||
spec:
|
||||
ingressClassName: traefik-lb
|
||||
entryPoints:
|
||||
- footcp
|
||||
routes:
|
||||
@@ -58,6 +59,7 @@ spec:
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|-------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------|-----------------------|
|
||||
| <a id="opt-ingressClassName" href="#opt-ingressClassName" title="#opt-ingressClassName">`ingressClassName`</a> | Defines the [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) cluster resource to use. It replaces the deprecated `kubernetes.io/ingress.class` annotation.<br />The spec field takes precedence over the annotation. | | No |
|
||||
| <a id="opt-entryPoints" href="#opt-entryPoints" title="#opt-entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
|
||||
| <a id="opt-routes" href="#opt-routes" title="#opt-routes">`routes`</a> | List of routes. | | Yes |
|
||||
| <a id="opt-routesn-match" href="#opt-routesn-match" title="#opt-routesn-match">`routes[n].match`</a> | Defines the [rule](../../../tcp/routing/rules-and-priority.md#rules) of the underlying router. | | Yes |
|
||||
|
||||
@@ -18,6 +18,7 @@ metadata:
|
||||
name: ingressrouteudpfoo
|
||||
namespace: apps
|
||||
spec:
|
||||
ingressClassName: traefik-lb
|
||||
entryPoints:
|
||||
- fooudp # The entry point where Traefik listens for incoming traffic.
|
||||
routes:
|
||||
@@ -32,6 +33,7 @@ spec:
|
||||
|
||||
| Field | Description | Default | Required |
|
||||
|------------------------------------|-----------------------------|-------------------------------------------|-----------------------|
|
||||
| <a id="opt-ingressClassName" href="#opt-ingressClassName" title="#opt-ingressClassName">`ingressClassName`</a> | Defines the [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) cluster resource to use. It replaces the deprecated `kubernetes.io/ingress.class` annotation.<br />The spec field takes precedence over the annotation. | | No |
|
||||
| <a id="opt-entryPoints" href="#opt-entryPoints" title="#opt-entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
|
||||
| <a id="opt-routes" href="#opt-routes" title="#opt-routes">` routes `</a> | List of routes. | | Yes |
|
||||
| <a id="opt-routesn-services" href="#opt-routesn-services" title="#opt-routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. See [here](#externalname-service) for `ExternalName Service` setup. | | No |
|
||||
|
||||
@@ -288,14 +288,17 @@ The following annotations are organized by category for easier navigation.
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-domain" href="#opt-nginx-ingress-kubernetes-iosession-cookie-domain" title="#opt-nginx-ingress-kubernetes-iosession-cookie-domain">`nginx.ingress.kubernetes.io/session-cookie-domain`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-samesite" href="#opt-nginx-ingress-kubernetes-iosession-cookie-samesite" title="#opt-nginx-ingress-kubernetes-iosession-cookie-samesite">`nginx.ingress.kubernetes.io/session-cookie-samesite`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-max-age" href="#opt-nginx-ingress-kubernetes-iosession-cookie-max-age" title="#opt-nginx-ingress-kubernetes-iosession-cookie-max-age">`nginx.ingress.kubernetes.io/session-cookie-max-age`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-expires" href="#opt-nginx-ingress-kubernetes-iosession-cookie-expires" title="#opt-nginx-ingress-kubernetes-iosession-cookie-expires">`nginx.ingress.kubernetes.io/session-cookie-expires`</a> | |
|
||||
|
||||
### Load Balancing & Backend
|
||||
|
||||
| Annotation | Limitations / Notes |
|
||||
|-------------------------------------------------------|--------------------------------------------------------------------------------------------|
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioload-balance" href="#opt-nginx-ingress-kubernetes-ioload-balance" title="#opt-nginx-ingress-kubernetes-ioload-balance">`nginx.ingress.kubernetes.io/load-balance`</a> | Only round_robin supported; ewma and IP hash not supported. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iobackend-protocol" href="#opt-nginx-ingress-kubernetes-iobackend-protocol" title="#opt-nginx-ingress-kubernetes-iobackend-protocol">`nginx.ingress.kubernetes.io/backend-protocol`</a> | FCGI and AUTO_HTTP not supported. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioservice-upstream" href="#opt-nginx-ingress-kubernetes-ioservice-upstream" title="#opt-nginx-ingress-kubernetes-ioservice-upstream">`nginx.ingress.kubernetes.io/service-upstream`</a> | |
|
||||
| Annotation | Limitations / Notes |
|
||||
|-------------------------------------------------------|--------------------------------------------------------------------------------------------------|
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioload-balance" href="#opt-nginx-ingress-kubernetes-ioload-balance" title="#opt-nginx-ingress-kubernetes-ioload-balance">`nginx.ingress.kubernetes.io/load-balance`</a> | Only round_robin supported; ewma and IP hash not supported. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iobackend-protocol" href="#opt-nginx-ingress-kubernetes-iobackend-protocol" title="#opt-nginx-ingress-kubernetes-iobackend-protocol">`nginx.ingress.kubernetes.io/backend-protocol`</a> | FCGI and AUTO_HTTP not supported. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioservice-upstream" href="#opt-nginx-ingress-kubernetes-ioservice-upstream" title="#opt-nginx-ingress-kubernetes-ioservice-upstream">`nginx.ingress.kubernetes.io/service-upstream`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioupstream-vhost" href="#opt-nginx-ingress-kubernetes-ioupstream-vhost" title="#opt-nginx-ingress-kubernetes-ioupstream-vhost">`nginx.ingress.kubernetes.io/upstream-vhost`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iocustom-headers" href="#opt-nginx-ingress-kubernetes-iocustom-headers" title="#opt-nginx-ingress-kubernetes-iocustom-headers">`nginx.ingress.kubernetes.io/custom-headers`</a> | Header whitelisting, similar to `global-allowed-response-headers` NGINX config is not supported. |
|
||||
|
||||
### CORS
|
||||
|
||||
@@ -314,6 +317,18 @@ The following annotations are organized by category for easier navigation.
|
||||
| Annotation | Limitations / Notes |
|
||||
|-------------------------------------------------------|--------------------------------------------------------------------------------------------|
|
||||
| <a id="opt-nginx-ingress-kubernetes-iouse-regex" href="#opt-nginx-ingress-kubernetes-iouse-regex" title="#opt-nginx-ingress-kubernetes-iouse-regex">`nginx.ingress.kubernetes.io/use-regex`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iorewrite-target" href="#opt-nginx-ingress-kubernetes-iorewrite-target" title="#opt-nginx-ingress-kubernetes-iorewrite-target">`nginx.ingress.kubernetes.io/rewrite-target`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iopermanent-redirect" href="#opt-nginx-ingress-kubernetes-iopermanent-redirect" title="#opt-nginx-ingress-kubernetes-iopermanent-redirect">`nginx.ingress.kubernetes.io/permanent-redirect`</a> | Defaults to a 301 Moved Permanently status code. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iopermanent-redirect-code" href="#opt-nginx-ingress-kubernetes-iopermanent-redirect-code" title="#opt-nginx-ingress-kubernetes-iopermanent-redirect-code">`nginx.ingress.kubernetes.io/permanent-redirect-code`</a> | Only valid 3XX HTTP Status Codes are accepted. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iotemporal-redirect" href="#opt-nginx-ingress-kubernetes-iotemporal-redirect" title="#opt-nginx-ingress-kubernetes-iotemporal-redirect">`nginx.ingress.kubernetes.io/temporal-redirect`</a> | Takes precedence over the `permanent-redirect` annotation. Defaults to a 302 Found status code. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iotemporal-redirect-code" href="#opt-nginx-ingress-kubernetes-iotemporal-redirect-code" title="#opt-nginx-ingress-kubernetes-iotemporal-redirect-code">`nginx.ingress.kubernetes.io/temporal-redirect-code`</a> | Only valid 3XX HTTP Status Codes are accepted. |
|
||||
|
||||
### IP Whitelist
|
||||
|
||||
| Annotation | Limitations / Notes |
|
||||
|-------------------------------------------------------|--------------------------------------------------------------------------------------------|
|
||||
| <a id="opt-nginx-ingress-kubernetes-iowhitelist-source-range" href="#opt-nginx-ingress-kubernetes-iowhitelist-source-range" title="#opt-nginx-ingress-kubernetes-iowhitelist-source-range">`nginx.ingress.kubernetes.io/whitelist-source-range`</a> | |
|
||||
|
||||
|
||||
## Limitations
|
||||
|
||||
@@ -382,9 +397,6 @@ The following annotations are organized by category for easier navigation.
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioglobal-rate-limit-window" href="#opt-nginx-ingress-kubernetes-ioglobal-rate-limit-window" title="#opt-nginx-ingress-kubernetes-ioglobal-rate-limit-window">`nginx.ingress.kubernetes.io/global-rate-limit-window`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioglobal-rate-limit-key" href="#opt-nginx-ingress-kubernetes-ioglobal-rate-limit-key" title="#opt-nginx-ingress-kubernetes-ioglobal-rate-limit-key">`nginx.ingress.kubernetes.io/global-rate-limit-key`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioglobal-rate-limit-ignored-cidrs" href="#opt-nginx-ingress-kubernetes-ioglobal-rate-limit-ignored-cidrs" title="#opt-nginx-ingress-kubernetes-ioglobal-rate-limit-ignored-cidrs">`nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iopermanent-redirect" href="#opt-nginx-ingress-kubernetes-iopermanent-redirect" title="#opt-nginx-ingress-kubernetes-iopermanent-redirect">`nginx.ingress.kubernetes.io/permanent-redirect`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iopermanent-redirect-code" href="#opt-nginx-ingress-kubernetes-iopermanent-redirect-code" title="#opt-nginx-ingress-kubernetes-iopermanent-redirect-code">`nginx.ingress.kubernetes.io/permanent-redirect-code`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iotemporal-redirect" href="#opt-nginx-ingress-kubernetes-iotemporal-redirect" title="#opt-nginx-ingress-kubernetes-iotemporal-redirect">`nginx.ingress.kubernetes.io/temporal-redirect`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iopreserve-trailing-slash" href="#opt-nginx-ingress-kubernetes-iopreserve-trailing-slash" title="#opt-nginx-ingress-kubernetes-iopreserve-trailing-slash">`nginx.ingress.kubernetes.io/preserve-trailing-slash`</a> | Traefik preserves trailing slash by default. |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-cookie-domain" href="#opt-nginx-ingress-kubernetes-ioproxy-cookie-domain" title="#opt-nginx-ingress-kubernetes-ioproxy-cookie-domain">`nginx.ingress.kubernetes.io/proxy-cookie-domain`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-cookie-path" href="#opt-nginx-ingress-kubernetes-ioproxy-cookie-path" title="#opt-nginx-ingress-kubernetes-ioproxy-cookie-path">`nginx.ingress.kubernetes.io/proxy-cookie-path`</a> | |
|
||||
@@ -402,12 +414,10 @@ The following annotations are organized by category for easier navigation.
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-ssl-verify-depth" href="#opt-nginx-ingress-kubernetes-ioproxy-ssl-verify-depth" title="#opt-nginx-ingress-kubernetes-ioproxy-ssl-verify-depth">`nginx.ingress.kubernetes.io/proxy-ssl-verify-depth`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-ssl-protocols" href="#opt-nginx-ingress-kubernetes-ioproxy-ssl-protocols" title="#opt-nginx-ingress-kubernetes-ioproxy-ssl-protocols">`nginx.ingress.kubernetes.io/proxy-ssl-protocols`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioenable-rewrite-log" href="#opt-nginx-ingress-kubernetes-ioenable-rewrite-log" title="#opt-nginx-ingress-kubernetes-ioenable-rewrite-log">`nginx.ingress.kubernetes.io/enable-rewrite-log`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iorewrite-target" href="#opt-nginx-ingress-kubernetes-iorewrite-target" title="#opt-nginx-ingress-kubernetes-iorewrite-target">`nginx.ingress.kubernetes.io/rewrite-target`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosatisfy" href="#opt-nginx-ingress-kubernetes-iosatisfy" title="#opt-nginx-ingress-kubernetes-iosatisfy">`nginx.ingress.kubernetes.io/satisfy`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioserver-alias" href="#opt-nginx-ingress-kubernetes-ioserver-alias" title="#opt-nginx-ingress-kubernetes-ioserver-alias">`nginx.ingress.kubernetes.io/server-alias`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioserver-snippet" href="#opt-nginx-ingress-kubernetes-ioserver-snippet" title="#opt-nginx-ingress-kubernetes-ioserver-snippet">`nginx.ingress.kubernetes.io/server-snippet`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-conditional-samesite-none" href="#opt-nginx-ingress-kubernetes-iosession-cookie-conditional-samesite-none" title="#opt-nginx-ingress-kubernetes-iosession-cookie-conditional-samesite-none">`nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-expires" href="#opt-nginx-ingress-kubernetes-iosession-cookie-expires" title="#opt-nginx-ingress-kubernetes-iosession-cookie-expires">`nginx.ingress.kubernetes.io/session-cookie-expires`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iosession-cookie-change-on-failure" href="#opt-nginx-ingress-kubernetes-iosession-cookie-change-on-failure" title="#opt-nginx-ingress-kubernetes-iosession-cookie-change-on-failure">`nginx.ingress.kubernetes.io/session-cookie-change-on-failure`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iossl-ciphers" href="#opt-nginx-ingress-kubernetes-iossl-ciphers" title="#opt-nginx-ingress-kubernetes-iossl-ciphers">`nginx.ingress.kubernetes.io/ssl-ciphers`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iossl-prefer-server-ciphers" href="#opt-nginx-ingress-kubernetes-iossl-prefer-server-ciphers" title="#opt-nginx-ingress-kubernetes-iossl-prefer-server-ciphers">`nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers`</a> | |
|
||||
@@ -426,9 +436,7 @@ The following annotations are organized by category for easier navigation.
|
||||
| <a id="opt-nginx-ingress-kubernetes-iomirror-host" href="#opt-nginx-ingress-kubernetes-iomirror-host" title="#opt-nginx-ingress-kubernetes-iomirror-host">`nginx.ingress.kubernetes.io/mirror-host`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iox-forwarded-prefix" href="#opt-nginx-ingress-kubernetes-iox-forwarded-prefix" title="#opt-nginx-ingress-kubernetes-iox-forwarded-prefix">`nginx.ingress.kubernetes.io/x-forwarded-prefix`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioupstream-hash-by" href="#opt-nginx-ingress-kubernetes-ioupstream-hash-by" title="#opt-nginx-ingress-kubernetes-ioupstream-hash-by">`nginx.ingress.kubernetes.io/upstream-hash-by`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioupstream-vhost" href="#opt-nginx-ingress-kubernetes-ioupstream-vhost" title="#opt-nginx-ingress-kubernetes-ioupstream-vhost">`nginx.ingress.kubernetes.io/upstream-vhost`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iodenylist-source-range" href="#opt-nginx-ingress-kubernetes-iodenylist-source-range" title="#opt-nginx-ingress-kubernetes-iodenylist-source-range">`nginx.ingress.kubernetes.io/denylist-source-range`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-iowhitelist-source-range" href="#opt-nginx-ingress-kubernetes-iowhitelist-source-range" title="#opt-nginx-ingress-kubernetes-iowhitelist-source-range">`nginx.ingress.kubernetes.io/whitelist-source-range`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-buffering" href="#opt-nginx-ingress-kubernetes-ioproxy-buffering" title="#opt-nginx-ingress-kubernetes-ioproxy-buffering">`nginx.ingress.kubernetes.io/proxy-buffering`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-buffers-number" href="#opt-nginx-ingress-kubernetes-ioproxy-buffers-number" title="#opt-nginx-ingress-kubernetes-ioproxy-buffers-number">`nginx.ingress.kubernetes.io/proxy-buffers-number`</a> | |
|
||||
| <a id="opt-nginx-ingress-kubernetes-ioproxy-buffer-size" href="#opt-nginx-ingress-kubernetes-ioproxy-buffer-size" title="#opt-nginx-ingress-kubernetes-ioproxy-buffer-size">`nginx.ingress.kubernetes.io/proxy-buffer-size`</a> | |
|
||||
|
||||
@@ -191,15 +191,24 @@
|
||||
realm = "foobar"
|
||||
headerField = "foobar"
|
||||
[http.middlewares.Middleware09]
|
||||
[http.middlewares.Middleware09.errors]
|
||||
[http.middlewares.Middleware09.encodedCharacters]
|
||||
allowEncodedSlash = true
|
||||
allowEncodedBackSlash = true
|
||||
allowEncodedNullCharacter = true
|
||||
allowEncodedSemicolon = true
|
||||
allowEncodedPercent = true
|
||||
allowEncodedQuestionMark = true
|
||||
allowEncodedHash = true
|
||||
[http.middlewares.Middleware10]
|
||||
[http.middlewares.Middleware10.errors]
|
||||
status = ["foobar", "foobar"]
|
||||
service = "foobar"
|
||||
query = "foobar"
|
||||
[http.middlewares.Middleware09.errors.statusRewrites]
|
||||
[http.middlewares.Middleware10.errors.statusRewrites]
|
||||
name0 = 42
|
||||
name1 = 42
|
||||
[http.middlewares.Middleware10]
|
||||
[http.middlewares.Middleware10.forwardAuth]
|
||||
[http.middlewares.Middleware11]
|
||||
[http.middlewares.Middleware11.forwardAuth]
|
||||
address = "foobar"
|
||||
trustForwardHeader = true
|
||||
authResponseHeaders = ["foobar", "foobar"]
|
||||
@@ -211,17 +220,17 @@
|
||||
maxBodySize = 42
|
||||
preserveLocationHeader = true
|
||||
preserveRequestMethod = true
|
||||
[http.middlewares.Middleware10.forwardAuth.tls]
|
||||
[http.middlewares.Middleware11.forwardAuth.tls]
|
||||
ca = "foobar"
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
caOptional = true
|
||||
[http.middlewares.Middleware11]
|
||||
[http.middlewares.Middleware11.grpcWeb]
|
||||
allowOrigins = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware12]
|
||||
[http.middlewares.Middleware12.headers]
|
||||
[http.middlewares.Middleware12.grpcWeb]
|
||||
allowOrigins = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware13]
|
||||
[http.middlewares.Middleware13.headers]
|
||||
accessControlAllowCredentials = true
|
||||
accessControlAllowHeaders = ["foobar", "foobar"]
|
||||
accessControlAllowMethods = ["foobar", "foobar"]
|
||||
@@ -252,49 +261,49 @@
|
||||
sslTemporaryRedirect = true
|
||||
sslHost = "foobar"
|
||||
sslForceHost = true
|
||||
[http.middlewares.Middleware12.headers.customRequestHeaders]
|
||||
[http.middlewares.Middleware13.headers.customRequestHeaders]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware12.headers.customResponseHeaders]
|
||||
[http.middlewares.Middleware13.headers.customResponseHeaders]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware12.headers.sslProxyHeaders]
|
||||
[http.middlewares.Middleware13.headers.sslProxyHeaders]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware13]
|
||||
[http.middlewares.Middleware13.ipAllowList]
|
||||
[http.middlewares.Middleware14]
|
||||
[http.middlewares.Middleware14.ipAllowList]
|
||||
sourceRange = ["foobar", "foobar"]
|
||||
rejectStatusCode = 42
|
||||
[http.middlewares.Middleware13.ipAllowList.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
ipv6Subnet = 42
|
||||
[http.middlewares.Middleware14]
|
||||
[http.middlewares.Middleware14.ipWhiteList]
|
||||
sourceRange = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware14.ipWhiteList.ipStrategy]
|
||||
[http.middlewares.Middleware14.ipAllowList.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
ipv6Subnet = 42
|
||||
[http.middlewares.Middleware15]
|
||||
[http.middlewares.Middleware15.inFlightReq]
|
||||
[http.middlewares.Middleware15.ipWhiteList]
|
||||
sourceRange = ["foobar", "foobar"]
|
||||
[http.middlewares.Middleware15.ipWhiteList.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
ipv6Subnet = 42
|
||||
[http.middlewares.Middleware16]
|
||||
[http.middlewares.Middleware16.inFlightReq]
|
||||
amount = 42
|
||||
[http.middlewares.Middleware15.inFlightReq.sourceCriterion]
|
||||
[http.middlewares.Middleware16.inFlightReq.sourceCriterion]
|
||||
requestHeaderName = "foobar"
|
||||
requestHost = true
|
||||
[http.middlewares.Middleware15.inFlightReq.sourceCriterion.ipStrategy]
|
||||
[http.middlewares.Middleware16.inFlightReq.sourceCriterion.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
ipv6Subnet = 42
|
||||
[http.middlewares.Middleware16]
|
||||
[http.middlewares.Middleware16.passTLSClientCert]
|
||||
[http.middlewares.Middleware17]
|
||||
[http.middlewares.Middleware17.passTLSClientCert]
|
||||
pem = true
|
||||
[http.middlewares.Middleware16.passTLSClientCert.info]
|
||||
[http.middlewares.Middleware17.passTLSClientCert.info]
|
||||
notAfter = true
|
||||
notBefore = true
|
||||
sans = true
|
||||
serialNumber = true
|
||||
[http.middlewares.Middleware16.passTLSClientCert.info.subject]
|
||||
[http.middlewares.Middleware17.passTLSClientCert.info.subject]
|
||||
country = true
|
||||
province = true
|
||||
locality = true
|
||||
@@ -303,7 +312,7 @@
|
||||
commonName = true
|
||||
serialNumber = true
|
||||
domainComponent = true
|
||||
[http.middlewares.Middleware16.passTLSClientCert.info.issuer]
|
||||
[http.middlewares.Middleware17.passTLSClientCert.info.issuer]
|
||||
country = true
|
||||
province = true
|
||||
locality = true
|
||||
@@ -311,27 +320,27 @@
|
||||
commonName = true
|
||||
serialNumber = true
|
||||
domainComponent = true
|
||||
[http.middlewares.Middleware17]
|
||||
[http.middlewares.Middleware17.plugin]
|
||||
[http.middlewares.Middleware17.plugin.PluginConf0]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware17.plugin.PluginConf1]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware18]
|
||||
[http.middlewares.Middleware18.rateLimit]
|
||||
[http.middlewares.Middleware18.plugin]
|
||||
[http.middlewares.Middleware18.plugin.PluginConf0]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware18.plugin.PluginConf1]
|
||||
name0 = "foobar"
|
||||
name1 = "foobar"
|
||||
[http.middlewares.Middleware19]
|
||||
[http.middlewares.Middleware19.rateLimit]
|
||||
average = 42
|
||||
period = "42s"
|
||||
burst = 42
|
||||
[http.middlewares.Middleware18.rateLimit.sourceCriterion]
|
||||
[http.middlewares.Middleware19.rateLimit.sourceCriterion]
|
||||
requestHeaderName = "foobar"
|
||||
requestHost = true
|
||||
[http.middlewares.Middleware18.rateLimit.sourceCriterion.ipStrategy]
|
||||
[http.middlewares.Middleware19.rateLimit.sourceCriterion.ipStrategy]
|
||||
depth = 42
|
||||
excludedIPs = ["foobar", "foobar"]
|
||||
ipv6Subnet = 42
|
||||
[http.middlewares.Middleware18.rateLimit.redis]
|
||||
[http.middlewares.Middleware19.rateLimit.redis]
|
||||
endpoints = ["foobar", "foobar"]
|
||||
username = "foobar"
|
||||
password = "foobar"
|
||||
@@ -342,44 +351,47 @@
|
||||
readTimeout = "42s"
|
||||
writeTimeout = "42s"
|
||||
dialTimeout = "42s"
|
||||
[http.middlewares.Middleware18.rateLimit.redis.tls]
|
||||
[http.middlewares.Middleware19.rateLimit.redis.tls]
|
||||
ca = "foobar"
|
||||
cert = "foobar"
|
||||
key = "foobar"
|
||||
insecureSkipVerify = true
|
||||
[http.middlewares.Middleware19]
|
||||
[http.middlewares.Middleware19.redirectRegex]
|
||||
[http.middlewares.Middleware20]
|
||||
[http.middlewares.Middleware20.redirectRegex]
|
||||
regex = "foobar"
|
||||
replacement = "foobar"
|
||||
permanent = true
|
||||
[http.middlewares.Middleware20]
|
||||
[http.middlewares.Middleware20.redirectScheme]
|
||||
[http.middlewares.Middleware21]
|
||||
[http.middlewares.Middleware21.redirectScheme]
|
||||
scheme = "foobar"
|
||||
port = "foobar"
|
||||
permanent = true
|
||||
[http.middlewares.Middleware21]
|
||||
[http.middlewares.Middleware21.replacePath]
|
||||
path = "foobar"
|
||||
[http.middlewares.Middleware22]
|
||||
[http.middlewares.Middleware22.replacePathRegex]
|
||||
[http.middlewares.Middleware22.replacePath]
|
||||
path = "foobar"
|
||||
[http.middlewares.Middleware23]
|
||||
[http.middlewares.Middleware23.replacePathRegex]
|
||||
regex = "foobar"
|
||||
replacement = "foobar"
|
||||
[http.middlewares.Middleware23]
|
||||
[http.middlewares.Middleware23.retry]
|
||||
[http.middlewares.Middleware24]
|
||||
[http.middlewares.Middleware24.retry]
|
||||
attempts = 42
|
||||
initialInterval = "42s"
|
||||
[http.middlewares.Middleware24]
|
||||
[http.middlewares.Middleware24.stripPrefix]
|
||||
[http.middlewares.Middleware25]
|
||||
[http.middlewares.Middleware25.stripPrefix]
|
||||
prefixes = ["foobar", "foobar"]
|
||||
forceSlash = true
|
||||
[http.middlewares.Middleware25]
|
||||
[http.middlewares.Middleware25.stripPrefixRegex]
|
||||
[http.middlewares.Middleware26]
|
||||
[http.middlewares.Middleware26.stripPrefixRegex]
|
||||
regex = ["foobar", "foobar"]
|
||||
[http.serversTransports]
|
||||
[http.serversTransports.ServersTransport0]
|
||||
serverName = "foobar"
|
||||
insecureSkipVerify = true
|
||||
rootCAs = ["foobar", "foobar"]
|
||||
cipherSuites = ["foobar", "foobar"]
|
||||
minVersion = "foobar"
|
||||
maxVersion = "foobar"
|
||||
maxIdleConnsPerHost = 42
|
||||
disableHTTP2 = true
|
||||
peerCertURI = "foobar"
|
||||
@@ -404,6 +416,9 @@
|
||||
serverName = "foobar"
|
||||
insecureSkipVerify = true
|
||||
rootCAs = ["foobar", "foobar"]
|
||||
cipherSuites = ["foobar", "foobar"]
|
||||
minVersion = "foobar"
|
||||
maxVersion = "foobar"
|
||||
maxIdleConnsPerHost = 42
|
||||
disableHTTP2 = true
|
||||
peerCertURI = "foobar"
|
||||
|
||||
@@ -205,6 +205,15 @@ http:
|
||||
realm: foobar
|
||||
headerField: foobar
|
||||
Middleware09:
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
allowEncodedBackSlash: true
|
||||
allowEncodedNullCharacter: true
|
||||
allowEncodedSemicolon: true
|
||||
allowEncodedPercent: true
|
||||
allowEncodedQuestionMark: true
|
||||
allowEncodedHash: true
|
||||
Middleware10:
|
||||
errors:
|
||||
status:
|
||||
- foobar
|
||||
@@ -214,7 +223,7 @@ http:
|
||||
name1: 42
|
||||
service: foobar
|
||||
query: foobar
|
||||
Middleware10:
|
||||
Middleware11:
|
||||
forwardAuth:
|
||||
address: foobar
|
||||
tls:
|
||||
@@ -239,12 +248,12 @@ http:
|
||||
maxBodySize: 42
|
||||
preserveLocationHeader: true
|
||||
preserveRequestMethod: true
|
||||
Middleware11:
|
||||
Middleware12:
|
||||
grpcWeb:
|
||||
allowOrigins:
|
||||
- foobar
|
||||
- foobar
|
||||
Middleware12:
|
||||
Middleware13:
|
||||
headers:
|
||||
customRequestHeaders:
|
||||
name0: foobar
|
||||
@@ -299,7 +308,7 @@ http:
|
||||
sslTemporaryRedirect: true
|
||||
sslHost: foobar
|
||||
sslForceHost: true
|
||||
Middleware13:
|
||||
Middleware14:
|
||||
ipAllowList:
|
||||
sourceRange:
|
||||
- foobar
|
||||
@@ -311,7 +320,7 @@ http:
|
||||
- foobar
|
||||
ipv6Subnet: 42
|
||||
rejectStatusCode: 42
|
||||
Middleware14:
|
||||
Middleware15:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- foobar
|
||||
@@ -322,7 +331,7 @@ http:
|
||||
- foobar
|
||||
- foobar
|
||||
ipv6Subnet: 42
|
||||
Middleware15:
|
||||
Middleware16:
|
||||
inFlightReq:
|
||||
amount: 42
|
||||
sourceCriterion:
|
||||
@@ -334,7 +343,7 @@ http:
|
||||
ipv6Subnet: 42
|
||||
requestHeaderName: foobar
|
||||
requestHost: true
|
||||
Middleware16:
|
||||
Middleware17:
|
||||
passTLSClientCert:
|
||||
pem: true
|
||||
info:
|
||||
@@ -359,7 +368,7 @@ http:
|
||||
commonName: true
|
||||
serialNumber: true
|
||||
domainComponent: true
|
||||
Middleware17:
|
||||
Middleware18:
|
||||
plugin:
|
||||
PluginConf0:
|
||||
name0: foobar
|
||||
@@ -367,7 +376,7 @@ http:
|
||||
PluginConf1:
|
||||
name0: foobar
|
||||
name1: foobar
|
||||
Middleware18:
|
||||
Middleware19:
|
||||
rateLimit:
|
||||
average: 42
|
||||
period: 42s
|
||||
@@ -399,34 +408,34 @@ http:
|
||||
readTimeout: 42s
|
||||
writeTimeout: 42s
|
||||
dialTimeout: 42s
|
||||
Middleware19:
|
||||
Middleware20:
|
||||
redirectRegex:
|
||||
regex: foobar
|
||||
replacement: foobar
|
||||
permanent: true
|
||||
Middleware20:
|
||||
Middleware21:
|
||||
redirectScheme:
|
||||
scheme: foobar
|
||||
port: foobar
|
||||
permanent: true
|
||||
Middleware21:
|
||||
Middleware22:
|
||||
replacePath:
|
||||
path: foobar
|
||||
Middleware22:
|
||||
Middleware23:
|
||||
replacePathRegex:
|
||||
regex: foobar
|
||||
replacement: foobar
|
||||
Middleware23:
|
||||
Middleware24:
|
||||
retry:
|
||||
attempts: 42
|
||||
initialInterval: 42s
|
||||
Middleware24:
|
||||
Middleware25:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- foobar
|
||||
- foobar
|
||||
forceSlash: true
|
||||
Middleware25:
|
||||
Middleware26:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
- foobar
|
||||
@@ -443,6 +452,11 @@ http:
|
||||
keyFile: foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
cipherSuites:
|
||||
- foobar
|
||||
- foobar
|
||||
minVersion: foobar
|
||||
maxVersion: foobar
|
||||
maxIdleConnsPerHost: 42
|
||||
forwardingTimeouts:
|
||||
dialTimeout: 42s
|
||||
@@ -468,6 +482,11 @@ http:
|
||||
keyFile: foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
cipherSuites:
|
||||
- foobar
|
||||
- foobar
|
||||
minVersion: foobar
|
||||
maxVersion: foobar
|
||||
maxIdleConnsPerHost: 42
|
||||
forwardingTimeouts:
|
||||
dialTimeout: 42s
|
||||
|
||||
@@ -90,7 +90,7 @@ labels:
|
||||
|--------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------|----------|
|
||||
| <a id="opt-entryPoints" href="#opt-entryPoints" title="#opt-entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, TCP routers are attached to all TCP entry points. | All TCP entry points | No |
|
||||
| <a id="opt-rule" href="#opt-rule" title="#opt-rule">`rule`</a> | Rules are a set of matchers configured with values, that determine if a particular connection matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the connection to the service. See [Rules & Priority](./rules-and-priority.md) for details. | | Yes |
|
||||
| <a id="opt-priority" href="#opt-priority" title="#opt-priority">`priority`</a> | To avoid rule overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
|
||||
| <a id="opt-priority" href="#opt-priority" title="#opt-priority">`priority`</a> | To avoid rule overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. Negative values are supported. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
|
||||
| <a id="opt-middlewares" href="#opt-middlewares" title="#opt-middlewares">`middlewares`</a> | The list of middlewares that are applied to the router. Middlewares are applied in the order they are declared. See [TCP Middlewares overview](../middlewares/overview.md) for available TCP middlewares. | | No |
|
||||
| <a id="opt-tls" href="#opt-tls" title="#opt-tls">`tls`</a> | TLS configuration for the router. When specified, the router will only handle TLS connections. See [TLS configuration](../tls.md) for detailed TLS options. | | No |
|
||||
| <a id="opt-service" href="#opt-service" title="#opt-service">`service`</a> | The name of the service that will handle the matched connections. Services can be load balancer services or weighted round robin services. See [TCP Service](../service.md) for details. | | Yes |
|
||||
|
||||
@@ -195,6 +195,8 @@ To avoid path overlap, routes are sorted, by default, in descending order using
|
||||
The priority is directly equal to the length of the rule, and so the longest length has the highest priority.
|
||||
A value of `0` for the priority is ignored: `priority: 0` means that the default rules length sorting is used.
|
||||
|
||||
Negative priority values are supported.
|
||||
|
||||
Traefik reserves a range of priorities for its internal routers, the maximum user-defined router priority value is:
|
||||
|
||||
- `(MaxInt32 - 1000)` for 32-bit platforms,
|
||||
|
||||
@@ -1869,6 +1869,11 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
|
||||
- spiffe://trust-domain/id1
|
||||
- spiffe://trust-domain/id2
|
||||
trustDomain: "spiffe://trust-domain" # [14]
|
||||
cipherSuites: # [15]
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
minVersion: VersionTLS11 # [16]
|
||||
maxVersion: VersionTLS12 # [17]
|
||||
```
|
||||
|
||||
| Ref | Attribute | Purpose |
|
||||
@@ -1887,6 +1892,9 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
|
||||
| [12] | `spiffe` | The spiffe configuration. |
|
||||
| [13] | `ids` | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). |
|
||||
| [14] | `trustDomain` | Defines the allowed SPIFFE trust domain. |
|
||||
| [15] | `cipherSuites` | Defines the cipher suites to use when contacting backend servers. |
|
||||
| [16] | `minVersion` | Defines the minimum TLS version to use when contacting backend servers. |
|
||||
| [17] | `maxVersion` | Defines the maximum TLS version to use when contacting backend servers. |
|
||||
|
||||
!!! info "CA Secret"
|
||||
|
||||
|
||||
@@ -442,6 +442,8 @@ The priority is directly equal to the length of the rule, and so the longest len
|
||||
|
||||
A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
|
||||
|
||||
Negative priority values are supported.
|
||||
|
||||
??? warning "Maximum Value"
|
||||
|
||||
Traefik reserves a range of priorities for its internal routers,
|
||||
@@ -1267,6 +1269,8 @@ The priority is directly equal to the length of the rule, and so the longest len
|
||||
|
||||
A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
|
||||
|
||||
Negative priority values are supported.
|
||||
|
||||
??? warning "Maximum Value"
|
||||
|
||||
Traefik reserves a range of priorities for its internal routers,
|
||||
|
||||
@@ -800,6 +800,129 @@ data:
|
||||
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
|
||||
```
|
||||
|
||||
#### `cipherSuites`
|
||||
|
||||
_Optional_
|
||||
|
||||
`cipherSuites` defines the cipher suites to use when contacting backend servers.
|
||||
|
||||
This option allows you to control the cryptographic algorithms used for backend connections, which is useful for:
|
||||
|
||||
- Connecting to legacy backends that only support specific cipher suites
|
||||
- Enforcing security policies (e.g., requiring Perfect Forward Secrecy)
|
||||
- Meeting compliance requirements
|
||||
|
||||
If not specified, Go's default cipher suites are used.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
serversTransports:
|
||||
mytransport:
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
[http.serversTransports.mytransport]
|
||||
cipherSuites = ["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"]
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: mytransport
|
||||
namespace: default
|
||||
spec:
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
```
|
||||
|
||||
#### `minVersion`
|
||||
|
||||
_Optional_
|
||||
|
||||
`minVersion` defines the minimum TLS version to use when contacting backend servers.
|
||||
|
||||
Use this option to enforce a minimum security level for backend connections.
|
||||
|
||||
!!! info "Valid Values"
|
||||
- `VersionTLS10` (discouraged - deprecated and insecure)
|
||||
- `VersionTLS11` (discouraged - deprecated and insecure)
|
||||
- `VersionTLS12` (recommended minimum)
|
||||
- `VersionTLS13` (most secure)
|
||||
|
||||
If not specified, Go's default minimum version is used.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
serversTransports:
|
||||
mytransport:
|
||||
minVersion: VersionTLS12
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
[http.serversTransports.mytransport]
|
||||
minVersion = "VersionTLS12"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: mytransport
|
||||
namespace: default
|
||||
spec:
|
||||
minVersion: VersionTLS12
|
||||
```
|
||||
|
||||
#### `maxVersion`
|
||||
|
||||
_Optional_
|
||||
|
||||
`maxVersion` defines the maximum TLS version to use when contacting backend servers.
|
||||
|
||||
!!! warning "Use with Caution"
|
||||
We discourage using this option to disable TLS 1.3. It should only be used for connecting to legacy backends that don't support newer TLS versions.
|
||||
|
||||
!!! info "Valid Values"
|
||||
- `VersionTLS10`
|
||||
- `VersionTLS11`
|
||||
- `VersionTLS12`
|
||||
- `VersionTLS13`
|
||||
|
||||
If not specified, Go's default maximum version (latest) is used.
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
## Dynamic configuration
|
||||
http:
|
||||
serversTransports:
|
||||
mytransport:
|
||||
maxVersion: VersionTLS12
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
## Dynamic configuration
|
||||
[http.serversTransports.mytransport]
|
||||
maxVersion = "VersionTLS12"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: ServersTransport
|
||||
metadata:
|
||||
name: mytransport
|
||||
namespace: default
|
||||
spec:
|
||||
maxVersion: VersionTLS12
|
||||
```
|
||||
|
||||
#### `maxIdleConnsPerHost`
|
||||
|
||||
_Optional, Default=2_
|
||||
|
||||
@@ -133,3 +133,8 @@ entryPoints:
|
||||
--entryPoints.websecure.http.encodedCharacters.allowEncodedQuestionMark=false
|
||||
--entryPoints.websecure.http.encodedCharacters.allowEncodedHash=false
|
||||
```
|
||||
|
||||
!!! info "Encoded Characters filtering on a per-route basis"
|
||||
|
||||
If you need to configure encoded character filtering on a per-route basis, you can use the `EncodedCharacters` middleware.
|
||||
Refer to the documentation for the [`EncodedCharacter` middleware](../reference/routing-configuration/http/middlewares/encodedcharacters.md) for detailed implementation instructions and configuration options.
|
||||
|
||||
@@ -292,6 +292,7 @@ nav:
|
||||
- 'ContentType': 'reference/routing-configuration/http/middlewares/contenttype.md'
|
||||
- 'DigestAuth': 'reference/routing-configuration/http/middlewares/digestauth.md'
|
||||
- '<span class="nav-link-with-icon">Distributed RateLimit <img src="https://doc.traefik.io/traefik-hub/img/ps-traefik-hub-logo-light.svg" class="menu-icon" alt="Traefik Hub API Gateway"></span>' : 'reference/routing-configuration/http/middlewares/distributed-ratelimit.md'
|
||||
- 'EncodedCharacters': 'reference/routing-configuration/http/middlewares/encodedcharacters.md'
|
||||
- 'Errors': 'reference/routing-configuration/http/middlewares/errorpages.md'
|
||||
- 'ForwardAuth': 'reference/routing-configuration/http/middlewares/forwardauth.md'
|
||||
- 'GrpcWeb': 'reference/routing-configuration/http/middlewares/grpcweb.md'
|
||||
|
||||
12
go.mod
12
go.mod
@@ -55,7 +55,7 @@ require (
|
||||
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // No tag on the repo.
|
||||
github.com/prometheus/client_golang v1.23.0
|
||||
github.com/prometheus/client_model v0.6.2
|
||||
github.com/quic-go/quic-go v0.58.0
|
||||
github.com/quic-go/quic-go v0.59.0
|
||||
github.com/redis/go-redis/v9 v9.8.0
|
||||
github.com/rs/zerolog v1.33.0
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
@@ -95,12 +95,12 @@ require (
|
||||
go.opentelemetry.io/otel/sdk/log v0.14.0
|
||||
go.opentelemetry.io/otel/sdk/metric v1.38.0
|
||||
go.opentelemetry.io/otel/trace v1.38.0
|
||||
golang.org/x/crypto v0.46.0
|
||||
golang.org/x/crypto v0.47.0
|
||||
golang.org/x/mod v0.31.0
|
||||
golang.org/x/net v0.48.0
|
||||
golang.org/x/net v0.49.0
|
||||
golang.org/x/sync v0.19.0
|
||||
golang.org/x/sys v0.39.0
|
||||
golang.org/x/text v0.32.0
|
||||
golang.org/x/sys v0.40.0
|
||||
golang.org/x/text v0.33.0
|
||||
golang.org/x/time v0.14.0
|
||||
golang.org/x/tools v0.40.0
|
||||
google.golang.org/grpc v1.78.0
|
||||
@@ -393,7 +393,7 @@ require (
|
||||
golang.org/x/arch v0.4.0 // indirect
|
||||
golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect
|
||||
golang.org/x/oauth2 v0.34.0 // indirect
|
||||
golang.org/x/term v0.38.0 // indirect
|
||||
golang.org/x/term v0.39.0 // indirect
|
||||
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
|
||||
google.golang.org/api v0.259.0 // indirect
|
||||
google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
|
||||
|
||||
24
go.sum
24
go.sum
@@ -1122,8 +1122,8 @@ github.com/prometheus/statsd_exporter v0.22.7/go.mod h1:N/TevpjkIh9ccs6nuzY3jQn9
|
||||
github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
|
||||
github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
|
||||
github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
|
||||
github.com/quic-go/quic-go v0.58.0 h1:ggY2pvZaVdB9EyojxL1p+5mptkuHyX5MOSv4dgWF4Ug=
|
||||
github.com/quic-go/quic-go v0.58.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
|
||||
github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
|
||||
github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
github.com/redis/go-redis/v9 v9.8.0 h1:q3nRvjrlge/6UD7eTu/DSg2uYiU2mCL0G/uzBWqhicI=
|
||||
@@ -1509,8 +1509,8 @@ golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDf
|
||||
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
|
||||
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
|
||||
golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
|
||||
golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
|
||||
golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
|
||||
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
|
||||
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
|
||||
golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
@@ -1619,8 +1619,8 @@ golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
|
||||
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
|
||||
golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
|
||||
golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
|
||||
golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
|
||||
golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
|
||||
golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
|
||||
golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@@ -1744,8 +1744,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
|
||||
golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
|
||||
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
@@ -1762,8 +1762,8 @@ golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
|
||||
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
|
||||
golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
|
||||
golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
|
||||
golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
|
||||
golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
|
||||
golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
|
||||
golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
|
||||
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
@@ -1782,8 +1782,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
|
||||
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
|
||||
golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
|
||||
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
|
||||
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
|
||||
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
|
||||
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
|
||||
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
|
||||
|
||||
@@ -245,8 +245,7 @@ func digestParts(resp *http.Response) map[string]string {
|
||||
result := map[string]string{}
|
||||
if len(resp.Header["Www-Authenticate"]) > 0 {
|
||||
wantedHeaders := []string{"nonce", "realm", "qop", "opaque"}
|
||||
responseHeaders := strings.Split(resp.Header["Www-Authenticate"][0], ",")
|
||||
for _, r := range responseHeaders {
|
||||
for r := range strings.SplitSeq(resp.Header["Www-Authenticate"][0], ",") {
|
||||
for _, w := range wantedHeaders {
|
||||
if strings.Contains(r, w) {
|
||||
result[w] = strings.Split(r, `"`)[1]
|
||||
|
||||
@@ -27,6 +27,7 @@ import (
|
||||
// ACME test suites.
|
||||
type AcmeSuite struct {
|
||||
BaseSuite
|
||||
|
||||
pebbleIP string
|
||||
fakeDNSServer *dns.Server
|
||||
}
|
||||
@@ -63,11 +64,6 @@ const (
|
||||
wildcardDomain = "*.acme.wtf"
|
||||
)
|
||||
|
||||
func (s *AcmeSuite) getAcmeURL() string {
|
||||
return fmt.Sprintf("https://%s/dir",
|
||||
net.JoinHostPort(s.pebbleIP, "14000"))
|
||||
}
|
||||
|
||||
func setupPebbleRootCA() (*http.Transport, error) {
|
||||
path, err := filepath.Abs("fixtures/acme/ssl/pebble.minica.pem")
|
||||
if err != nil {
|
||||
@@ -540,3 +536,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(testCase acmeTestCase) {
|
||||
assert.Equal(s.T(), sub.expectedAlgorithm, gotPublicKeyAlgorithm)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *AcmeSuite) getAcmeURL() string {
|
||||
return fmt.Sprintf("https://%s/dir",
|
||||
net.JoinHostPort(s.pebbleIP, "14000"))
|
||||
}
|
||||
|
||||
@@ -16,6 +16,7 @@ import (
|
||||
|
||||
type ConsulCatalogSuite struct {
|
||||
BaseSuite
|
||||
|
||||
consulClient *api.Client
|
||||
consulAgentClient *api.Client
|
||||
consulURL string
|
||||
@@ -53,47 +54,6 @@ func (s *ConsulCatalogSuite) TearDownSuite() {
|
||||
s.BaseSuite.TearDownSuite()
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) waitToElectConsulLeader() error {
|
||||
return try.Do(15*time.Second, func() error {
|
||||
leader, err := s.consulClient.Status().Leader()
|
||||
|
||||
if err != nil || len(leader) == 0 {
|
||||
return fmt.Errorf("leader not found. %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) waitForConnectCA() error {
|
||||
return try.Do(15*time.Second, func() error {
|
||||
caroots, _, err := s.consulClient.Connect().CARoots(nil)
|
||||
|
||||
if err != nil || len(caroots.Roots) == 0 {
|
||||
return fmt.Errorf("connect CA not fully initialized. %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) registerService(reg *api.AgentServiceRegistration, onAgent bool) error {
|
||||
client := s.consulClient
|
||||
if onAgent {
|
||||
client = s.consulAgentClient
|
||||
}
|
||||
|
||||
return client.Agent().ServiceRegister(reg)
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) deregisterService(id string, onAgent bool) error {
|
||||
client := s.consulClient
|
||||
if onAgent {
|
||||
client = s.consulAgentClient
|
||||
}
|
||||
return client.Agent().ServiceDeregister(id)
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) TestWithNotExposedByDefaultAndDefaultsSettings() {
|
||||
reg1 := &api.AgentServiceRegistration{
|
||||
ID: "whoami1",
|
||||
@@ -837,3 +797,44 @@ func (s *ConsulCatalogSuite) TestConsulConnect_NotAware() {
|
||||
err = s.deregisterService("whoami1", false)
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) waitToElectConsulLeader() error {
|
||||
return try.Do(15*time.Second, func() error {
|
||||
leader, err := s.consulClient.Status().Leader()
|
||||
|
||||
if err != nil || len(leader) == 0 {
|
||||
return fmt.Errorf("leader not found. %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) waitForConnectCA() error {
|
||||
return try.Do(15*time.Second, func() error {
|
||||
caroots, _, err := s.consulClient.Connect().CARoots(nil)
|
||||
|
||||
if err != nil || len(caroots.Roots) == 0 {
|
||||
return fmt.Errorf("connect CA not fully initialized. %w", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
})
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) registerService(reg *api.AgentServiceRegistration, onAgent bool) error {
|
||||
client := s.consulClient
|
||||
if onAgent {
|
||||
client = s.consulAgentClient
|
||||
}
|
||||
|
||||
return client.Agent().ServiceRegister(reg)
|
||||
}
|
||||
|
||||
func (s *ConsulCatalogSuite) deregisterService(id string, onAgent bool) error {
|
||||
client := s.consulClient
|
||||
if onAgent {
|
||||
client = s.consulAgentClient
|
||||
}
|
||||
return client.Agent().ServiceDeregister(id)
|
||||
}
|
||||
|
||||
@@ -25,6 +25,7 @@ import (
|
||||
// Consul test suites.
|
||||
type ConsulSuite struct {
|
||||
BaseSuite
|
||||
|
||||
kvClient store.Store
|
||||
consulURL string
|
||||
}
|
||||
@@ -162,16 +163,6 @@ func (s *ConsulSuite) TestSimpleConfiguration() {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *ConsulSuite) assertWhoami(host string, expectedStatusCode int) {
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
|
||||
require.NoError(s.T(), err)
|
||||
req.Host = host
|
||||
|
||||
resp, err := try.ResponseUntilStatusCode(req, 15*time.Second, expectedStatusCode)
|
||||
require.NoError(s.T(), err)
|
||||
resp.Body.Close()
|
||||
}
|
||||
|
||||
func (s *ConsulSuite) TestDeleteRootKey() {
|
||||
// This test case reproduce the issue: https://github.com/traefik/traefik/issues/8092
|
||||
|
||||
@@ -220,3 +211,13 @@ func (s *ConsulSuite) TestDeleteRootKey() {
|
||||
s.assertWhoami("kv1.localhost", http.StatusNotFound)
|
||||
s.assertWhoami("kv2.localhost", http.StatusNotFound)
|
||||
}
|
||||
|
||||
func (s *ConsulSuite) assertWhoami(host string, expectedStatusCode int) {
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000", nil)
|
||||
require.NoError(s.T(), err)
|
||||
req.Host = host
|
||||
|
||||
resp, err := try.ResponseUntilStatusCode(req, 15*time.Second, expectedStatusCode)
|
||||
require.NoError(s.T(), err)
|
||||
resp.Body.Close()
|
||||
}
|
||||
|
||||
@@ -81,7 +81,7 @@ func (s *DockerSuite) TestDefaultDockerContainers() {
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
var version map[string]interface{}
|
||||
var version map[string]any
|
||||
|
||||
assert.NoError(s.T(), json.Unmarshal(body, &version))
|
||||
assert.Equal(s.T(), "swarm/1.0.0", version["Version"])
|
||||
@@ -145,7 +145,7 @@ func (s *DockerSuite) TestDockerContainersWithLabels() {
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
var version map[string]interface{}
|
||||
var version map[string]any
|
||||
|
||||
assert.NoError(s.T(), json.Unmarshal(body, &version))
|
||||
assert.Equal(s.T(), "swarm/1.0.0", version["Version"])
|
||||
@@ -203,7 +203,7 @@ func (s *DockerSuite) TestRestartDockerContainers() {
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
var version map[string]interface{}
|
||||
var version map[string]any
|
||||
|
||||
assert.NoError(s.T(), json.Unmarshal(body, &version))
|
||||
assert.Equal(s.T(), "swarm/1.0.0", version["Version"])
|
||||
|
||||
@@ -21,6 +21,7 @@ const traefikTestOTLPLogFile = "traefik_otlp.log"
|
||||
// DualLoggingSuite tests that both OTLP and stdout logging can work together.
|
||||
type DualLoggingSuite struct {
|
||||
BaseSuite
|
||||
|
||||
otlpLogs []string
|
||||
collector *httptest.Server
|
||||
}
|
||||
|
||||
@@ -14,6 +14,7 @@ import (
|
||||
// ErrorPagesSuite test suites.
|
||||
type ErrorPagesSuite struct {
|
||||
BaseSuite
|
||||
|
||||
ErrorPageIP string
|
||||
BackendIP string
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import (
|
||||
// etcd test suites.
|
||||
type EtcdSuite struct {
|
||||
BaseSuite
|
||||
|
||||
kvClient store.Store
|
||||
etcdAddr string
|
||||
}
|
||||
|
||||
@@ -48,6 +48,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
parentRefs:
|
||||
description: |-
|
||||
ParentRefs defines references to parent IngressRoute resources for multi-layer routing.
|
||||
@@ -374,6 +378,7 @@ spec:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
|
||||
|
||||
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
|
||||
type: string
|
||||
required:
|
||||
@@ -510,6 +515,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
@@ -585,6 +594,7 @@ spec:
|
||||
description: |-
|
||||
ProxyProtocol defines the PROXY protocol configuration.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/service/#proxy-protocol
|
||||
|
||||
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
|
||||
properties:
|
||||
version:
|
||||
@@ -607,6 +617,7 @@ spec:
|
||||
hence fully terminating the connection.
|
||||
It is a duration in milliseconds, defaulting to 100.
|
||||
A negative value means an infinite deadline (i.e. the reading capability is never closed).
|
||||
|
||||
Deprecated: TerminationDelay will not be supported in future APIVersions, please use ServersTransport to configure the TerminationDelay instead.
|
||||
type: integer
|
||||
tls:
|
||||
@@ -627,6 +638,7 @@ spec:
|
||||
description: |-
|
||||
Syntax defines the router's rule syntax.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
|
||||
|
||||
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
|
||||
enum:
|
||||
- v3
|
||||
@@ -766,6 +778,10 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
ingressClassName:
|
||||
description: IngressClassName defines the name of the IngressClass
|
||||
cluster resource.
|
||||
type: string
|
||||
routes:
|
||||
description: Routes defines the list of routes.
|
||||
items:
|
||||
@@ -1061,6 +1077,7 @@ spec:
|
||||
description: |-
|
||||
AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
|
||||
be automatically set to a value derived from the contents of the response.
|
||||
|
||||
Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
|
||||
type: boolean
|
||||
type: object
|
||||
@@ -1089,6 +1106,39 @@ spec:
|
||||
containing user credentials.
|
||||
type: string
|
||||
type: object
|
||||
encodedCharacters:
|
||||
description: EncodedCharacters configures which encoded characters
|
||||
are allowed in the request path.
|
||||
properties:
|
||||
allowEncodedBackSlash:
|
||||
description: AllowEncodedBackSlash defines whether requests with
|
||||
encoded back slash characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedHash:
|
||||
description: AllowEncodedHash defines whether requests with encoded
|
||||
hash characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedNullCharacter:
|
||||
description: AllowEncodedNullCharacter defines whether requests
|
||||
with encoded null characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedPercent:
|
||||
description: AllowEncodedPercent defines whether requests with
|
||||
encoded percent characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedQuestionMark:
|
||||
description: AllowEncodedQuestionMark defines whether requests
|
||||
with encoded question mark characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedSemicolon:
|
||||
description: AllowEncodedSemicolon defines whether requests with
|
||||
encoded semicolon characters in the path are allowed.
|
||||
type: boolean
|
||||
allowEncodedSlash:
|
||||
description: AllowEncodedSlash defines whether requests with encoded
|
||||
slash characters in the path are allowed.
|
||||
type: boolean
|
||||
type: object
|
||||
errors:
|
||||
description: |-
|
||||
ErrorPage holds the custom error middleware configuration.
|
||||
@@ -2213,8 +2263,9 @@ spec:
|
||||
description: |-
|
||||
IPWhiteList defines the IPWhiteList middleware configuration.
|
||||
This middleware accepts/refuses connections based on the client IP.
|
||||
Deprecated: please use IPAllowList instead.
|
||||
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/middlewares/ipwhitelist/
|
||||
|
||||
Deprecated: please use IPAllowList instead.
|
||||
properties:
|
||||
sourceRange:
|
||||
description: SourceRange defines the allowed IPs (or ranges of
|
||||
@@ -2281,6 +2332,12 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
cipherSuites:
|
||||
description: CipherSuites defines the cipher suites to use when contacting
|
||||
backend servers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
disableHTTP2:
|
||||
description: DisableHTTP2 disables HTTP/2 for connections with backend
|
||||
servers.
|
||||
@@ -2341,6 +2398,14 @@ spec:
|
||||
to keep per-host.
|
||||
minimum: -1
|
||||
type: integer
|
||||
maxVersion:
|
||||
description: MaxVersion defines the maximum TLS version to use when
|
||||
contacting backend servers.
|
||||
type: string
|
||||
minVersion:
|
||||
description: MinVersion defines the minimum TLS version to use when
|
||||
contacting backend servers.
|
||||
type: string
|
||||
peerCertURI:
|
||||
description: PeerCertURI defines the peer cert URI used to match against
|
||||
SAN URI during the peer certificate verification.
|
||||
@@ -2371,6 +2436,7 @@ spec:
|
||||
rootCAsSecrets:
|
||||
description: |-
|
||||
RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
|
||||
|
||||
Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
|
||||
items:
|
||||
type: string
|
||||
@@ -2525,6 +2591,7 @@ spec:
|
||||
rootCAsSecrets:
|
||||
description: |-
|
||||
RootCAsSecrets defines a list of CA secret used to validate self-signed certificate.
|
||||
|
||||
Deprecated: RootCAsSecrets is deprecated, please use the RootCAs option instead.
|
||||
items:
|
||||
type: string
|
||||
@@ -2660,6 +2727,7 @@ spec:
|
||||
description: |-
|
||||
PreferServerCipherSuites defines whether the server chooses a cipher suite among his own instead of among the client's.
|
||||
It is enabled automatically when minVersion or maxVersion is set.
|
||||
|
||||
Deprecated: https://github.com/golang/go/issues/45430
|
||||
type: boolean
|
||||
sniStrict:
|
||||
|
||||
12
integration/fixtures/x_forwarded_for.toml
Normal file
12
integration/fixtures/x_forwarded_for.toml
Normal file
@@ -0,0 +1,12 @@
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
[entryPoints.web.forwardedHeaders]
|
||||
insecure = true
|
||||
notAppendXForwardedFor = true
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .DynamicConfPath }}"
|
||||
11
integration/fixtures/x_forwarded_for_enabled.toml
Normal file
11
integration/fixtures/x_forwarded_for_enabled.toml
Normal file
@@ -0,0 +1,11 @@
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
[entryPoints.web.forwardedHeaders]
|
||||
insecure = true
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .DynamicConfPath }}"
|
||||
16
integration/fixtures/x_forwarded_for_fastproxy.toml
Normal file
16
integration/fixtures/x_forwarded_for_fastproxy.toml
Normal file
@@ -0,0 +1,16 @@
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
[entryPoints.web.forwardedHeaders]
|
||||
insecure = true
|
||||
notAppendXForwardedFor = true
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[experimental]
|
||||
[experimental.fastProxy]
|
||||
debug = true
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .DynamicConfPath }}"
|
||||
15
integration/fixtures/x_forwarded_for_fastproxy_enabled.toml
Normal file
15
integration/fixtures/x_forwarded_for_fastproxy_enabled.toml
Normal file
@@ -0,0 +1,15 @@
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
address = ":8000"
|
||||
[entryPoints.web.forwardedHeaders]
|
||||
insecure = true
|
||||
|
||||
[api]
|
||||
insecure = true
|
||||
|
||||
[experimental]
|
||||
[experimental.fastProxy]
|
||||
debug = true
|
||||
|
||||
[providers.file]
|
||||
filename = "{{ .DynamicConfPath }}"
|
||||
@@ -19,6 +19,7 @@ import (
|
||||
// HealthCheck test suites.
|
||||
type HealthCheckSuite struct {
|
||||
BaseSuite
|
||||
|
||||
whoami1IP string
|
||||
whoami2IP string
|
||||
whoami3IP string
|
||||
|
||||
@@ -187,7 +187,7 @@ func RegisterGreeterServer(s *grpc.Server, srv GreeterServer) {
|
||||
s.RegisterService(&_Greeter_serviceDesc, srv)
|
||||
}
|
||||
|
||||
func _Greeter_SayHello_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
|
||||
func _Greeter_SayHello_Handler(srv any, ctx context.Context, dec func(any) error, interceptor grpc.UnaryServerInterceptor) (any, error) {
|
||||
in := new(HelloRequest)
|
||||
if err := dec(in); err != nil {
|
||||
return nil, err
|
||||
@@ -199,13 +199,13 @@ func _Greeter_SayHello_Handler(srv interface{}, ctx context.Context, dec func(in
|
||||
Server: srv,
|
||||
FullMethod: "/helloworld.Greeter/SayHello",
|
||||
}
|
||||
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
|
||||
handler := func(ctx context.Context, req any) (any, error) {
|
||||
return srv.(GreeterServer).SayHello(ctx, req.(*HelloRequest))
|
||||
}
|
||||
return interceptor(ctx, in, info, handler)
|
||||
}
|
||||
|
||||
func _Greeter_StreamExample_Handler(srv interface{}, stream grpc.ServerStream) error {
|
||||
func _Greeter_StreamExample_Handler(srv any, stream grpc.ServerStream) error {
|
||||
m := new(StreamExampleRequest)
|
||||
if err := stream.RecvMsg(m); err != nil {
|
||||
return err
|
||||
|
||||
@@ -877,40 +877,6 @@ func (s *HTTPSSuite) TestWithSNIDynamicConfigRouteWithTlsConfigurationDeletion()
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
// modifyCertificateConfFileContent replaces the content of a HTTPS configuration file.
|
||||
func (s *HTTPSSuite) modifyCertificateConfFileContent(certFileName, confFileName string) {
|
||||
file, err := os.OpenFile("./"+confFileName, os.O_WRONLY, os.ModeExclusive)
|
||||
require.NoError(s.T(), err)
|
||||
defer func() {
|
||||
file.Close()
|
||||
}()
|
||||
err = file.Truncate(0)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// If certificate file is not provided, just truncate the configuration file
|
||||
if len(certFileName) > 0 {
|
||||
tlsConf := dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Certificates: []*traefiktls.CertAndStores{
|
||||
{
|
||||
Certificate: traefiktls.Certificate{
|
||||
CertFile: types.FileOrContent("fixtures/https/" + certFileName + ".cert"),
|
||||
KeyFile: types.FileOrContent("fixtures/https/" + certFileName + ".key"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var confBuffer bytes.Buffer
|
||||
err := toml.NewEncoder(&confBuffer).Encode(tlsConf)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
_, err = file.Write(confBuffer.Bytes())
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *HTTPSSuite) TestEntryPointHttpsRedirectAndPathModification() {
|
||||
file := s.adaptFile("fixtures/https/https_redirect.toml", struct{}{})
|
||||
s.traefikCmd(withConfigFile(file))
|
||||
@@ -1177,6 +1143,40 @@ func (s *HTTPSSuite) TestWithInvalidTLSOption() {
|
||||
}
|
||||
}
|
||||
|
||||
// modifyCertificateConfFileContent replaces the content of a HTTPS configuration file.
|
||||
func (s *HTTPSSuite) modifyCertificateConfFileContent(certFileName, confFileName string) {
|
||||
file, err := os.OpenFile("./"+confFileName, os.O_WRONLY, os.ModeExclusive)
|
||||
require.NoError(s.T(), err)
|
||||
defer func() {
|
||||
file.Close()
|
||||
}()
|
||||
err = file.Truncate(0)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// If certificate file is not provided, just truncate the configuration file
|
||||
if len(certFileName) > 0 {
|
||||
tlsConf := dynamic.Configuration{
|
||||
TLS: &dynamic.TLSConfiguration{
|
||||
Certificates: []*traefiktls.CertAndStores{
|
||||
{
|
||||
Certificate: traefiktls.Certificate{
|
||||
CertFile: types.FileOrContent("fixtures/https/" + certFileName + ".cert"),
|
||||
KeyFile: types.FileOrContent("fixtures/https/" + certFileName + ".key"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
var confBuffer bytes.Buffer
|
||||
err := toml.NewEncoder(&confBuffer).Encode(tlsConf)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
_, err = file.Write(confBuffer.Bytes())
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestMaxConcurrentStream() {
|
||||
file := s.adaptFile("fixtures/https/max_concurrent_stream.toml", struct{}{})
|
||||
|
||||
|
||||
@@ -71,45 +71,12 @@ type composeDeploy struct {
|
||||
|
||||
type BaseSuite struct {
|
||||
suite.Suite
|
||||
|
||||
containers map[string]testcontainers.Container
|
||||
network *testcontainers.DockerNetwork
|
||||
hostIP string
|
||||
}
|
||||
|
||||
func (s *BaseSuite) waitForTraefik(containerName string) {
|
||||
time.Sleep(1 * time.Second)
|
||||
|
||||
// Wait for Traefik to turn ready.
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/api/rawdata", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains(containerName))
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *BaseSuite) displayTraefikLogFile(path string) {
|
||||
if s.T().Failed() {
|
||||
if _, err := os.Stat(path); !os.IsNotExist(err) {
|
||||
content, errRead := os.ReadFile(path)
|
||||
// TODO TestName
|
||||
// fmt.Printf("%s: Traefik logs: \n", c.TestName())
|
||||
fmt.Print("Traefik logs: \n")
|
||||
if errRead == nil {
|
||||
fmt.Println(string(content))
|
||||
} else {
|
||||
fmt.Println(errRead)
|
||||
}
|
||||
} else {
|
||||
// fmt.Printf("%s: No Traefik logs.\n", c.TestName())
|
||||
fmt.Print("No Traefik logs.\n")
|
||||
}
|
||||
errRemove := os.Remove(path)
|
||||
if errRemove != nil {
|
||||
fmt.Println(errRemove)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (s *BaseSuite) SetupSuite() {
|
||||
if isDockerDesktop(s.T()) {
|
||||
_, err := os.Stat(tailscaleSecretFilePath)
|
||||
@@ -409,7 +376,7 @@ func (s *BaseSuite) displayTraefikLog(output *bytes.Buffer) {
|
||||
if output == nil || output.Len() == 0 {
|
||||
log.Info().Msg("No Traefik logs.")
|
||||
} else {
|
||||
for _, line := range strings.Split(output.String(), "\n") {
|
||||
for line := range strings.SplitSeq(output.String(), "\n") {
|
||||
log.Info().Msg(line)
|
||||
}
|
||||
}
|
||||
@@ -425,7 +392,7 @@ func (s *BaseSuite) getDockerHost() string {
|
||||
return dockerHost
|
||||
}
|
||||
|
||||
func (s *BaseSuite) adaptFile(path string, tempObjects interface{}) string {
|
||||
func (s *BaseSuite) adaptFile(path string, tempObjects any) string {
|
||||
// Load file
|
||||
tmpl, err := template.ParseFiles(path)
|
||||
require.NoError(s.T(), err)
|
||||
@@ -513,3 +480,37 @@ func (s *BaseSuite) composeExec(service string, args ...string) string {
|
||||
|
||||
return string(content)
|
||||
}
|
||||
|
||||
func (s *BaseSuite) waitForTraefik(containerName string) {
|
||||
time.Sleep(1 * time.Second)
|
||||
|
||||
// Wait for Traefik to turn ready.
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/api/rawdata", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains(containerName))
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
|
||||
func (s *BaseSuite) displayTraefikLogFile(path string) {
|
||||
if s.T().Failed() {
|
||||
if _, err := os.Stat(path); !os.IsNotExist(err) {
|
||||
content, errRead := os.ReadFile(path)
|
||||
// TODO TestName
|
||||
// fmt.Printf("%s: Traefik logs: \n", c.TestName())
|
||||
fmt.Print("Traefik logs: \n")
|
||||
if errRead == nil {
|
||||
fmt.Println(string(content))
|
||||
} else {
|
||||
fmt.Println(errRead)
|
||||
}
|
||||
} else {
|
||||
// fmt.Printf("%s: No Traefik logs.\n", c.TestName())
|
||||
fmt.Print("No Traefik logs.\n")
|
||||
}
|
||||
errRemove := os.Remove(path)
|
||||
if errRemove != nil {
|
||||
fmt.Println(errRemove)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
|
||||
package integration
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@ package integration
|
||||
import (
|
||||
"bufio"
|
||||
"net"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -15,6 +16,7 @@ import (
|
||||
|
||||
type ProxyProtocolSuite struct {
|
||||
BaseSuite
|
||||
|
||||
whoamiIP string
|
||||
}
|
||||
|
||||
@@ -124,15 +126,16 @@ func proxyProtoRequest(address string, version byte) (string, error) {
|
||||
}
|
||||
|
||||
// Read the response from the server
|
||||
var content string
|
||||
var content strings.Builder
|
||||
scanner := bufio.NewScanner(conn)
|
||||
for scanner.Scan() {
|
||||
content += scanner.Text() + "\n"
|
||||
content.WriteString(scanner.Text())
|
||||
content.WriteString("\n")
|
||||
}
|
||||
|
||||
if scanner.Err() != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
return content, nil
|
||||
return content.String(), nil
|
||||
}
|
||||
|
||||
@@ -13,6 +13,7 @@ import (
|
||||
|
||||
type RateLimitSuite struct {
|
||||
BaseSuite
|
||||
|
||||
ServerIP string
|
||||
RedisEndpoint string
|
||||
}
|
||||
|
||||
@@ -28,6 +28,7 @@ import (
|
||||
// Redis test suites.
|
||||
type RedisSentinelSuite struct {
|
||||
BaseSuite
|
||||
|
||||
kvClient store.Store
|
||||
redisEndpoints []string
|
||||
}
|
||||
@@ -75,36 +76,6 @@ func (s *RedisSentinelSuite) TearDownSuite() {
|
||||
}
|
||||
}
|
||||
|
||||
func (s *RedisSentinelSuite) setupSentinelConfiguration(ports []string) {
|
||||
for i, port := range ports {
|
||||
templateValue := struct{ SentinelPort string }{SentinelPort: port}
|
||||
|
||||
// Load file
|
||||
templateFile := "resources/compose/config/sentinel_template.conf"
|
||||
tmpl, err := template.ParseFiles(templateFile)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
folder, prefix := filepath.Split(templateFile)
|
||||
|
||||
fileName := fmt.Sprintf("%s/sentinel%d.conf", folder, i+1)
|
||||
tmpFile, err := os.Create(fileName)
|
||||
require.NoError(s.T(), err)
|
||||
defer tmpFile.Close()
|
||||
|
||||
err = tmpFile.Chmod(0o666)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
model := structs.Map(templateValue)
|
||||
model["SelfFilename"] = tmpFile.Name()
|
||||
|
||||
err = tmpl.ExecuteTemplate(tmpFile, prefix, model)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = tmpFile.Sync()
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *RedisSentinelSuite) TestSentinelConfiguration() {
|
||||
file := s.adaptFile("fixtures/redis/sentinel.toml", struct{ RedisAddress string }{
|
||||
RedisAddress: strings.Join(s.redisEndpoints, `","`),
|
||||
@@ -201,3 +172,33 @@ func (s *RedisSentinelSuite) TestSentinelConfiguration() {
|
||||
log.Info().Msg(text)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *RedisSentinelSuite) setupSentinelConfiguration(ports []string) {
|
||||
for i, port := range ports {
|
||||
templateValue := struct{ SentinelPort string }{SentinelPort: port}
|
||||
|
||||
// Load file
|
||||
templateFile := "resources/compose/config/sentinel_template.conf"
|
||||
tmpl, err := template.ParseFiles(templateFile)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
folder, prefix := filepath.Split(templateFile)
|
||||
|
||||
fileName := fmt.Sprintf("%s/sentinel%d.conf", folder, i+1)
|
||||
tmpFile, err := os.Create(fileName)
|
||||
require.NoError(s.T(), err)
|
||||
defer tmpFile.Close()
|
||||
|
||||
err = tmpFile.Chmod(0o666)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
model := structs.Map(templateValue)
|
||||
model["SelfFilename"] = tmpFile.Name()
|
||||
|
||||
err = tmpl.ExecuteTemplate(tmpFile, prefix, model)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
err = tmpFile.Sync()
|
||||
require.NoError(s.T(), err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ import (
|
||||
// Redis test suites.
|
||||
type RedisSuite struct {
|
||||
BaseSuite
|
||||
|
||||
kvClient store.Store
|
||||
redisEndpoints []string
|
||||
}
|
||||
|
||||
10
integration/resources/compose/x_forwarded_for.toml
Normal file
10
integration/resources/compose/x_forwarded_for.toml
Normal file
@@ -0,0 +1,10 @@
|
||||
[http.routers]
|
||||
[http.routers.router1]
|
||||
entryPoints = ["web"]
|
||||
rule = "PathPrefix(`/`)"
|
||||
service = "service1"
|
||||
|
||||
[http.services]
|
||||
[http.services.service1.loadBalancer]
|
||||
[[http.services.service1.loadBalancer.servers]]
|
||||
url = "{{ .Server }}"
|
||||
@@ -18,6 +18,7 @@ import (
|
||||
|
||||
type RestSuite struct {
|
||||
BaseSuite
|
||||
|
||||
whoamiAddr string
|
||||
}
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
|
||||
type RetrySuite struct {
|
||||
BaseSuite
|
||||
|
||||
whoamiIP string
|
||||
}
|
||||
|
||||
|
||||
@@ -94,6 +94,197 @@ func (s *SimpleSuite) TestSimpleFastProxy() {
|
||||
assert.GreaterOrEqual(s.T(), 1, callCount)
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestXForwardedForDisabled() {
|
||||
srv1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
// Echo back the X-Forwarded-For header
|
||||
xff := req.Header.Get("X-Forwarded-For")
|
||||
_, _ = rw.Write([]byte(xff))
|
||||
}))
|
||||
defer srv1.Close()
|
||||
|
||||
dynamicConf := s.adaptFile("resources/compose/x_forwarded_for.toml", struct {
|
||||
Server string
|
||||
}{
|
||||
Server: srv1.URL,
|
||||
})
|
||||
|
||||
staticConf := s.adaptFile("fixtures/x_forwarded_for.toml", struct {
|
||||
DynamicConfPath string
|
||||
}{
|
||||
DynamicConfPath: dynamicConf,
|
||||
})
|
||||
|
||||
s.traefikCmd(withConfigFile(staticConf))
|
||||
|
||||
// Wait for Traefik to start
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("service1"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Test with appendXForwardedFor = false
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Set an existing X-Forwarded-For header
|
||||
req.Header.Set("X-Forwarded-For", "1.2.3.4")
|
||||
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
require.NoError(s.T(), err)
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// The backend should receive the original X-Forwarded-For header unchanged
|
||||
// (Traefik should NOT append RemoteAddr when appendXForwardedFor = false)
|
||||
assert.Equal(s.T(), "1.2.3.4", string(body))
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestXForwardedForEnabled() {
|
||||
srv1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
// Echo back the X-Forwarded-For header
|
||||
xff := req.Header.Get("X-Forwarded-For")
|
||||
_, _ = rw.Write([]byte(xff))
|
||||
}))
|
||||
defer srv1.Close()
|
||||
|
||||
dynamicConf := s.adaptFile("resources/compose/x_forwarded_for.toml", struct {
|
||||
Server string
|
||||
}{
|
||||
Server: srv1.URL,
|
||||
})
|
||||
|
||||
// Use a config with appendXForwardedFor = true
|
||||
staticConf := s.adaptFile("fixtures/x_forwarded_for_enabled.toml", struct {
|
||||
DynamicConfPath string
|
||||
}{
|
||||
DynamicConfPath: dynamicConf,
|
||||
})
|
||||
|
||||
s.traefikCmd(withConfigFile(staticConf))
|
||||
|
||||
// Wait for Traefik to start
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("service1"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Test with default appendXForwardedFor = true
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Set an existing X-Forwarded-For header
|
||||
req.Header.Set("X-Forwarded-For", "1.2.3.4")
|
||||
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
require.NoError(s.T(), err)
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// The backend should receive the X-Forwarded-For header with RemoteAddr appended
|
||||
// (should be "1.2.3.4, 127.0.0.1" since the request comes from localhost)
|
||||
assert.Contains(s.T(), string(body), "1.2.3.4,")
|
||||
assert.Contains(s.T(), string(body), "127.0.0.1")
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestXForwardedForDisabledFastProxy() {
|
||||
srv1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
// Verify FastProxy is being used
|
||||
assert.Contains(s.T(), req.Header, "X-Traefik-Fast-Proxy")
|
||||
|
||||
// Echo back the X-Forwarded-For header
|
||||
xff := req.Header.Get("X-Forwarded-For")
|
||||
_, _ = rw.Write([]byte(xff))
|
||||
}))
|
||||
defer srv1.Close()
|
||||
|
||||
dynamicConf := s.adaptFile("resources/compose/x_forwarded_for.toml", struct {
|
||||
Server string
|
||||
}{
|
||||
Server: srv1.URL,
|
||||
})
|
||||
|
||||
staticConf := s.adaptFile("fixtures/x_forwarded_for_fastproxy.toml", struct {
|
||||
DynamicConfPath string
|
||||
}{
|
||||
DynamicConfPath: dynamicConf,
|
||||
})
|
||||
|
||||
s.traefikCmd(withConfigFile(staticConf))
|
||||
|
||||
// Wait for Traefik to start
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("service1"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Test with appendXForwardedFor = false
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Set an existing X-Forwarded-For header
|
||||
req.Header.Set("X-Forwarded-For", "1.2.3.4")
|
||||
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
require.NoError(s.T(), err)
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// The backend should receive the original X-Forwarded-For header unchanged
|
||||
// (FastProxy should NOT append RemoteAddr when notAppendXForwardedFor = true)
|
||||
assert.Equal(s.T(), "1.2.3.4", string(body))
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestXForwardedForEnabledFastProxy() {
|
||||
srv1 := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
// Verify FastProxy is being used
|
||||
assert.Contains(s.T(), req.Header, "X-Traefik-Fast-Proxy")
|
||||
|
||||
// Echo back the X-Forwarded-For header
|
||||
xff := req.Header.Get("X-Forwarded-For")
|
||||
_, _ = rw.Write([]byte(xff))
|
||||
}))
|
||||
defer srv1.Close()
|
||||
|
||||
dynamicConf := s.adaptFile("resources/compose/x_forwarded_for.toml", struct {
|
||||
Server string
|
||||
}{
|
||||
Server: srv1.URL,
|
||||
})
|
||||
|
||||
// Use a config with appendXForwardedFor = false (default)
|
||||
staticConf := s.adaptFile("fixtures/x_forwarded_for_fastproxy_enabled.toml", struct {
|
||||
DynamicConfPath string
|
||||
}{
|
||||
DynamicConfPath: dynamicConf,
|
||||
})
|
||||
|
||||
s.traefikCmd(withConfigFile(staticConf))
|
||||
|
||||
// Wait for Traefik to start
|
||||
err := try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("service1"))
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Test with default appendXForwardedFor = true
|
||||
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// Set an existing X-Forwarded-For header
|
||||
req.Header.Set("X-Forwarded-For", "1.2.3.4")
|
||||
|
||||
resp, err := http.DefaultClient.Do(req)
|
||||
require.NoError(s.T(), err)
|
||||
defer resp.Body.Close()
|
||||
|
||||
body, err := io.ReadAll(resp.Body)
|
||||
require.NoError(s.T(), err)
|
||||
|
||||
// The backend should receive the X-Forwarded-For header with RemoteAddr appended
|
||||
// (FastProxy should append RemoteAddr when notAppendXForwardedFor = false)
|
||||
// (should be "1.2.3.4, 127.0.0.1" since the request comes from localhost)
|
||||
assert.Contains(s.T(), string(body), "1.2.3.4,")
|
||||
assert.Contains(s.T(), string(body), "127.0.0.1")
|
||||
}
|
||||
|
||||
func (s *SimpleSuite) TestWithWebConfig() {
|
||||
s.cmdTraefik(withConfigFile("fixtures/simple_web.toml"))
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
// TCPHealthCheckSuite test suite for TCP health checks.
|
||||
type TCPHealthCheckSuite struct {
|
||||
BaseSuite
|
||||
|
||||
whoamitcp1IP string
|
||||
whoamitcp2IP string
|
||||
}
|
||||
|
||||
@@ -21,6 +21,7 @@ import (
|
||||
|
||||
type TracingSuite struct {
|
||||
BaseSuite
|
||||
|
||||
whoamiIP string
|
||||
whoamiPort int
|
||||
tempoIP string
|
||||
|
||||
@@ -19,6 +19,7 @@ const (
|
||||
type timedAction func(timeout time.Duration, operation DoCondition) error
|
||||
|
||||
// Sleep pauses the current goroutine for at least the duration d.
|
||||
//
|
||||
// Deprecated: Use only when use another Try[...] functions is not possible.
|
||||
func Sleep(d time.Duration) {
|
||||
d = applyCIMultiplier(d)
|
||||
@@ -92,10 +93,7 @@ func Do(timeout time.Duration, operation DoCondition) error {
|
||||
panic("timeout must be larger than zero")
|
||||
}
|
||||
|
||||
interval := time.Duration(math.Ceil(float64(timeout) / 15.0))
|
||||
if interval > maxInterval {
|
||||
interval = maxInterval
|
||||
}
|
||||
interval := min(time.Duration(math.Ceil(float64(timeout)/15.0)), maxInterval)
|
||||
|
||||
timeout = applyCIMultiplier(timeout)
|
||||
|
||||
|
||||
@@ -24,6 +24,7 @@ import (
|
||||
// Zk test suites.
|
||||
type ZookeeperSuite struct {
|
||||
BaseSuite
|
||||
|
||||
kvClient store.Store
|
||||
zookeeperAddr string
|
||||
}
|
||||
|
||||
@@ -196,7 +196,7 @@ type errWriter struct {
|
||||
err error
|
||||
}
|
||||
|
||||
func (ew *errWriter) writeln(a ...interface{}) {
|
||||
func (ew *errWriter) writeln(a ...any) {
|
||||
if ew.err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -84,13 +84,7 @@ func (c *searchCriterion) filterMiddleware(mns []string) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
for _, mn := range mns {
|
||||
if c.MiddlewareName == mn {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
return slices.Contains(mns, c.MiddlewareName)
|
||||
}
|
||||
|
||||
func pagination(request *http.Request, maximum int) (pageInfo, error) {
|
||||
@@ -109,10 +103,7 @@ func pagination(request *http.Request, maximum int) (pageInfo, error) {
|
||||
return pageInfo{}, fmt.Errorf("invalid request: page: %d, per_page: %d", page, perPage)
|
||||
}
|
||||
|
||||
endIndex := startIndex + perPage
|
||||
if endIndex >= maximum {
|
||||
endIndex = maximum
|
||||
}
|
||||
endIndex := min(startIndex+perPage, maximum)
|
||||
|
||||
nextPage := 1
|
||||
if page*perPage < maximum {
|
||||
|
||||
@@ -15,7 +15,7 @@ func init() {
|
||||
expvar.Publish("Goroutines2", expvar.Func(goroutines))
|
||||
}
|
||||
|
||||
func goroutines() interface{} {
|
||||
func goroutines() any {
|
||||
return runtime.NumGoroutine()
|
||||
}
|
||||
|
||||
|
||||
@@ -30,11 +30,13 @@ func writeError(rw http.ResponseWriter, msg string, code int) {
|
||||
|
||||
type serviceInfoRepresentation struct {
|
||||
*runtime.ServiceInfo
|
||||
|
||||
ServerStatus map[string]string `json:"serverStatus,omitempty"`
|
||||
}
|
||||
|
||||
type tcpServiceInfoRepresentation struct {
|
||||
*runtime.TCPServiceInfo
|
||||
|
||||
ServerStatus map[string]string `json:"serverStatus,omitempty"`
|
||||
}
|
||||
|
||||
@@ -164,7 +166,7 @@ func getProviderName(id string) string {
|
||||
return strings.SplitN(id, "@", 2)[1]
|
||||
}
|
||||
|
||||
func extractType(element interface{}) string {
|
||||
func extractType(element any) string {
|
||||
v := reflect.ValueOf(element).Elem()
|
||||
for i := range v.NumField() {
|
||||
field := v.Field(i)
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
|
||||
type entryPointRepresentation struct {
|
||||
*static.EntryPoint
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
}
|
||||
|
||||
|
||||
@@ -235,7 +235,7 @@ func TestHandler_EntryPoints(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
if *updateExpected {
|
||||
var results interface{}
|
||||
var results any
|
||||
err := json.Unmarshal(contents, &results)
|
||||
require.NoError(t, err)
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@ import (
|
||||
|
||||
type routerRepresentation struct {
|
||||
*runtime.RouterInfo
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
Provider string `json:"provider,omitempty"`
|
||||
}
|
||||
@@ -34,6 +35,7 @@ func newRouterRepresentation(name string, rt *runtime.RouterInfo) routerRepresen
|
||||
|
||||
type serviceRepresentation struct {
|
||||
*runtime.ServiceInfo
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
Provider string `json:"provider,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
@@ -52,6 +54,7 @@ func newServiceRepresentation(name string, si *runtime.ServiceInfo) serviceRepre
|
||||
|
||||
type middlewareRepresentation struct {
|
||||
*runtime.MiddlewareInfo
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
Provider string `json:"provider,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
|
||||
@@ -1028,7 +1028,7 @@ func TestHandler_HTTP(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
if *updateExpected {
|
||||
var results interface{}
|
||||
var results any
|
||||
err := json.Unmarshal(contents, &results)
|
||||
require.NoError(t, err)
|
||||
|
||||
|
||||
@@ -239,7 +239,7 @@ func TestHandler_Overview(t *testing.T) {
|
||||
KubernetesCRD: &crd.Provider{},
|
||||
Rest: &rest.Provider{},
|
||||
Plugin: map[string]static.PluginConf{
|
||||
"test": map[string]interface{}{},
|
||||
"test": map[string]any{},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -292,7 +292,7 @@ func TestHandler_Overview(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
if *updateExpected {
|
||||
var results interface{}
|
||||
var results any
|
||||
err := json.Unmarshal(contents, &results)
|
||||
require.NoError(t, err)
|
||||
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
|
||||
type tcpRouterRepresentation struct {
|
||||
*runtime.TCPRouterInfo
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
Provider string `json:"provider,omitempty"`
|
||||
}
|
||||
@@ -29,6 +30,7 @@ func newTCPRouterRepresentation(name string, rt *runtime.TCPRouterInfo) tcpRoute
|
||||
|
||||
type tcpServiceRepresentation struct {
|
||||
*runtime.TCPServiceInfo
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
Provider string `json:"provider,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
@@ -47,6 +49,7 @@ func newTCPServiceRepresentation(name string, si *runtime.TCPServiceInfo) tcpSer
|
||||
|
||||
type tcpMiddlewareRepresentation struct {
|
||||
*runtime.TCPMiddlewareInfo
|
||||
|
||||
Name string `json:"name,omitempty"`
|
||||
Provider string `json:"provider,omitempty"`
|
||||
Type string `json:"type,omitempty"`
|
||||
|
||||
@@ -964,7 +964,7 @@ func TestHandler_TCP(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
if *updateExpected {
|
||||
var results interface{}
|
||||
var results any
|
||||
err := json.Unmarshal(contents, &results)
|
||||
require.NoError(t, err)
|
||||
|
||||
|
||||
@@ -178,7 +178,7 @@ func TestHandler_GetMiddleware(t *testing.T) {
|
||||
middlewareName string
|
||||
conf runtime.Configuration
|
||||
expectedStatus int
|
||||
expected interface{}
|
||||
expected any
|
||||
}{
|
||||
{
|
||||
desc: "Middleware not found",
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user